
Application No.: 09/498,369
Final Notice Regarding Related Litigation

PATENT
Customer No. 22,852
Attorney Docket No. 7451.0010-01
InterTrust Ref. No.: IT-14.1 (US)

CERTIFICATE OF EXPRESS MAILING
... that this correspondence is being deposited with the United States Postal Service's "Express Mail Post Office to
... service under 37 CFR ..., in an envelope addressed to: Commissioner for Patents, P.O. Box 1450, Alexandria, VA

Mail Label: EV533069778US
Athena E. Pi



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

In re Application of: Victor H. Shear et al.

Application No.: 09/498,369

Filed: February 4, 2000

For: METHODS FOR MATCHING, SELECTING, NARROWCASTING, AND/OR CLASSIFYING BASED
ON RIGHTS MANAGEMENT AND/OR OTHER INFORMATION

Group Art Unit: 3629
Examiner: DIXON, Thomas A.
Confirmation No.: 8725

Commissioner for Patents 

P.O. Box 1450 

Alexandria, VA 22313-1450 

Sir: 

FINAL NOTICE REGARDING RELATED LITIGATION 

Applicants submit this Final Notice to inform the Examiner of the status of the
litigation between InterTrust and Microsoft, captioned InterTrust Technology Corp. v.
Microsoft Corp. (C 01-1640 SBA, N. D. Ca.), in fulfillment of their duty to disclose
information potentially material to patentability under 37 CFR §§ 1.56 and 1.97. This
paper is being filed after the events recited in Section 1.97(b), but before the mailing
date of any action closing prosecution. The Office is hereby authorized to charge the
required fee of $180.00, as specified by Section 1.17(p), to Deposit Account No.
06-0916.




Applicants submit this Notice Regarding Related Litigation in fulfillment of their
duty to disclose information potentially material to patentability under 37 C.F.R. 1.56.
This submission does not constitute an admission that any of the listed documents are
material or constitute "prior art."

This paper is entitled "Final Notice" because this litigation has been dismissed
with prejudice following settlement of the dispute. The present application, Application
No. 09/498,369, is a continuation of U.S. Application No. 08/965,185, which issued as
U.S. Patent No. 6,112,181 (one of the patents asserted in the litigation¹). This
application and/or its ancestor applications may also be related to the patents in suit by
1) incorporating by reference the patents in suit and/or applications leading to the
patents in suit; 2) containing statements that their subject matter may bear relation to
the patents in suit and/or applications leading to the patents in suit; and/or 3) claiming
the benefit of priority of common applications.



The final status of the litigation is as follows. On September 2, 2003, InterTrust
filed InterTrust's Disclosures of Asserted Claims and Preliminary Infringement
Contentions Pursuant to Patent Local Rules 3-1 and 3-2, including Exhibits (A-C²). See
Tab 1. Exhibits 1A and 1B are submitted herewith. Exhibit 1C has not been provided
because (1) it is marked "Confidential - Subject to Protective Order" and "Attorneys
Eyes Only" (as it pertains to proprietary Microsoft information); and (2) it is not material
to the patentability of the pending claims, as it contains only information pertaining to
Microsoft's current products and systems.

¹ The following is a list of all patents asserted: 6,389,402, 6,253,193, 6,185,683,
6,157,721, 6,112,181, 5,982,891, 5,949,876, 5,940,504, 5,920,861, 5,917,912,
5,915,019, and 5,892,900.

² To distinguish between sub-exhibits of tabs referred to in this paper, Applicants will
hereinafter prefix each sub-exhibit with its corresponding tab (e.g., Exhibits A-C of Tab 1
will be referred to as Exhibits 1A-1C).

On November 17, 2003, Microsoft filed Defendant Microsoft Corporation's
Preliminary Invalidity Contentions (Patent Local Rules 3-3 and 3-4). See Tab 2,
including Exhibits 2A-2C.³

On February 23, 2004, Microsoft filed a Notice of Motion and Memorandum in
Support of Motion for Partial Summary Judgment of Invalidity of the Asserted Claims of
the '900 Patent (Anticipation). See Tab 3.

On February 23, 2004, Microsoft also filed a Notice of Motion, Motion and
Memorandum in Support of it's Motion for Partial Summary Judgment of Invalidity of the
Asserted Claims of the '181 Patent (Anticipation). See Tab 4.

The parties subsequently settled and, on May 5, 2004, filed a Joint Stipulation of 
Dismissal with Prejudice. See Tab 5. 

Tab 6 is a copy of the press release announcing the settlement and indicating 
that Microsoft has taken a comprehensive license to InterTrust's patent portfolio for a 
one-time payment of $440 million. 



REMARKS

Applicants encourage the Examiner to carefully review the attached documents,
and let Applicants know if any additional information is desired.

With this Notice, Applicants have provided copies of the papers described in the
Status of Related Litigation section above. Furthermore, a voluminous number of
documents have been referred to in the Microsoft paper attached as Tab 2 (specifically,
in Exhibit 2A, attached thereto), many of which are already of record before the Office.
References listed in Exhibit 2A which have not already been cited in this application are
being submitted in an Information Disclosure Statement to be filed shortly in this case.
Furthermore, Exhibits 2B and 2C⁴ to Microsoft's Preliminary Invalidity Contentions,
which comprise an extensive listing of claim charts pertaining to the patents-in-suit, are
provided along with a summary of the claims addressed. This summary should help the
Examiner determine which, if any, of the prior art claim charts of Exhibits 2B and 2C
should be reviewed by the Office (for example, Exhibit 2C contains § 112 indefiniteness
charts relating only to the claims of the patents in suit).

With this Notice, Applicants have provided copies of some of the exhibits referred 
to in the provided papers. However, due to the large quantity of documents referenced 
by these papers, all attachments and exhibits have not been provided. For example, 
the exhibits to the motions provided at Tabs 3 and 4 are not provided because they 
have inconsequential, if any, relation to the patentability of the instant claims. These 
exhibits are not necessary to understand the motion, and are not relevant to the Office's 
review (e.g., they are directed to issues specific to the '900 patent, they pertain to 
Microsoft's products, they contain Microsoft's Attorneys-Eyes-Only information that we 
cannot disclose, etc.). 

As always, if the Examiner believes that any document referred to in these 
papers and not yet submitted may be helpful in resolving an issue before him and would 
like to review that or any other document, Applicants invite the Examiner to contact the 
undersigned at (650) 849-6643 so we may provide such document. 



⁴ Exhibits 1B and 1C are provided in electronic format via CD-ROM due to their length.




TABLE OF EXHIBITS

Tab | Description | Date
1. | InterTrust Disclosures of Asserted Claims and Preliminary Infringement Contentions Pursuant to Patent Local Rules 3-1 & 3-2, including Exhibits A-C | 9/2/03
2. | Microsoft Preliminary Invalidity Contentions (Patent Local Rules 3-3 and 3-4), including Exhibits A-C | 11/17/03
3. | Microsoft Motion and Memorandum in Support of Motion for Partial Summary Judgment of Invalidity of the Asserted Claims of the '900 Patent | 2/23/04
4. | Microsoft Motion and Memorandum in Support of it's Motion for Partial Summary Judgment of Invalidity of the Asserted Claims of the '181 Patent | 2/23/04
5. | Joint Stipulation of Dismissal with Prejudice | 5/5/04
6. | Press Release Announcing Settlement | 4/12/04

KEKER & VAN NEST, LLP
JOHN W. KEKER - #49092
MICHAEL H. PAGE - #154913
710 Sansome Street
San Francisco, CA 94111-1704
Telephone: (415) 391-5400
Facsimile: (415) 397-7188

INTERTRUST TECHNOLOGIES CORPORATION
DOUGLAS K. DERWIN - #111407
JEFFREY J. McDOW - #184727
4800 Patrick Henry Drive
Santa Clara, CA 95054
Telephone: (408) 855-0100
Facsimile: (408) 855-0144

PENNIE & EDMONDS LLP
MICHAEL J. LYONS - #202284
100 Hillview Avenue
Palo Alto, CA 94304
Telephone: (650) 493-4935
Facsimile: (650) 493-5556

Attorneys for Plaintiff and Counter-Defendant
INTERTRUST TECHNOLOGIES CORPORATION



UNITED STATES DISTRICT COURT
NORTHERN DISTRICT OF CALIFORNIA

INTERTRUST TECHNOLOGIES CORPORATION, a Delaware corporation,

Plaintiff,

v.

MICROSOFT CORPORATION, a Washington corporation,

Defendant.

AND COUNTER ACTION.

Case No. C 01-1640 SBA (MEJ)

Consolidated with C 02-0647 SBA

INTERTRUST'S DISCLOSURES OF ASSERTED CLAIMS AND PRELIMINARY INFRINGEMENT
CONTENTIONS PURSUANT TO PATENT LOCAL RULES 3-1 and 3-2

('683, '193, '861, '721, '891, '900, '912, '019, '876, '181, and '402 Patents)

INITIAL DISCLOSURES, '683, '193, '861, '721, '891, '900, '912, '019, '876, '181, and '402 PATENTS
CASE NO. C 01-1640 SBA (MEJ), CONSOLIDATED WITH C 02-0647 SBA

Pursuant to the Court's August 8, 2003 Order, Plaintiff InterTrust Technologies
Corporation ("InterTrust") hereby submits its Disclosures of Asserted Claims and Preliminary
Infringement Contentions under Patent Local Rules 3-1 and 3-2 ("PLR 3-1 & 3-2 Disclosures")
to Defendant Microsoft Corporation ("Microsoft"). These PLR 3-1 & 3-2 Disclosures supersede
all previous PLR 3-1 and PLR 3-2 disclosures served by InterTrust in this case.

Patent Local Rule 3-1: Disclosure of Asserted Claims and Preliminary
Infringement Contentions

(a) Asserted claims 

InterTrust currently contends that the Microsoft products identified herein infringe the
claims of U.S. Patents Nos. 6,185,683 B1 ("the '683 patent"); 6,253,193 B1 ("the '193 patent");
5,920,861 ("the '861 patent"); 6,157,721 ("the '721 patent"); 5,982,891 ("the '891 patent");
5,892,900 ("the '900 patent"); 5,917,912 ("the '912 patent"); 5,915,019 ("the '019 patent");
5,949,876 ("the '876 patent"); 6,112,181 ("the '181 patent"); and 6,389,402 B1 ("the '402
patent"), as identified in the attached claim charts. As discovery progresses, InterTrust may
determine that additional Microsoft products infringe the asserted patents and/or that Microsoft
infringes additional patent claims. InterTrust reserves the right to supplement and/or amend its
disclosures and infringement contentions.

(b) Accused products

InterTrust contends that various Microsoft products infringe the patent claims identified
in the claim charts attached hereto. Accused products are listed in Exhibit A hereto, which is
intended to encompass past, present, and future product versions that include the accused
features and/or functionality.

(c) Claim charts

InterTrust submits the attached claim charts based solely on information available to it to
date. Discovery is ongoing, and additional information is likely to be produced during
discovery. InterTrust therefore reserves the right to supplement and/or amend its infringement
assertions as discovery proceeds.

InterTrust contends that Microsoft infringes at least the claims of the '683, '193, '861,
'721, '891, '900, '912, '019, '876, '181, and '402 patents identified in the claim charts attached
hereto as Exhibits B and C.¹

(d) Literal infringement and the doctrine of equivalents

InterTrust contends that Microsoft infringes the claims of the '683, '193, '861, '721,
'891, '900, '912, '019, '876, '181, and '402 patents as specified in Exhibits B and C both
literally and under the doctrine of equivalents.

(e) Priority from earlier applications

InterTrust claims priority for the claims of the '891, '912, '683, '193, '019, '876, and
'402 patents-in-suit dating to application No. 08/388,107, filed February 13, 1995. InterTrust
claims priority for the claims of the '900 patent-in-suit dating to application No. 08/695,927,
filed August 12, 1996. InterTrust does not claim priority for the claims of the '721, '861, and
'181 patents-in-suit dating to any earlier application.

(f) Reliance on InterTrust's own products

InterTrust does not currently intend to rely on the assertion that its own Commerce and
Rights System products practice at least some of the claimed inventions of the '683, '193, '861,
'721, '891, '900, '912, '019, '876, '181, and '402 patents-in-suit to support its infringement
assertions against Microsoft.

Patent Local Rule 3-2: Document Production Accompanying Disclosure

(a) Documents re disclosure and/or offer of sale

InterTrust is not currently aware of such documents other than the documents that have
previously been produced. See IT00017664-19168, IT00020866-21695, IT00021700-23578,
IT00038608-43419.

¹ Exhibit B contains claim charts based upon publicly available or non-confidential sources.
Exhibit C contains additional claim charts referencing material designated as "Attorneys' Eyes
Only" by Microsoft, and is served under separate caption. No other information contained in
these disclosures is designated confidential by either party, and InterTrust does not object to
dissemination of this document, other than Exhibit C, to persons not permitted to view
confidential information in this case. For ease of reference, the claim charts attached hereto
include all claims previously disclosed by InterTrust, as well as new claims.
Numbering/lettering/bolding has been added to the text of each claim for convenience only, and
is not intended to alter, expand, or interpret the meaning of those claims. In instances where
infringement claims are illustrated by quotation or reference to Microsoft documents, those

(b) Documents re conception, reduction to practice, and/or design/development 

InterTrust has produced nonprivileged documents concerning the conception, design,
development, and reduction to practice of the inventions disclosed in the patents-in-suit. See,
e.g., IT00000005-17261, IT00036207-38606, IT00041497-549. In addition, InterTrust has
produced voluminous archives of source code created in the course of its business, some of
which may constitute additional evidence of the conception, design, development, and reduction
to practice of its patented inventions. InterTrust is not currently aware of any other such
nonprivileged documents in its possession or control other than said source code and the source
code and documents that have been produced.

(c) Prosecution history of patents-in-suit

The prosecution histories of the patents-in-suit have previously been produced. See, e.g.,
IT00062350-67643, IT00070342-72434, FH00107455-107731, FH00113539-118857,
FH 118866-121322.

Dated: September      KEKER & VAN NEST,

By:

MI(

Attorneys for Plaintiff and Counter-Defendant
INTERTRUST TECHNOLOGIES
CORPORATION

Exhibit A

Microsoft Accused Products

Visual Studio .Net Enterprise Architect
Visual Studio .NET Enterprise Developer
Visual Studio .NET Professional
Visual Studio .Net
ASP.Net
.NET Framework SDK
.Net License Compiler
Office XP Standard
Office XP Professional
Office XP Professional with FrontPage
Office XP Developer
Windows XP Home Edition
Windows XP Professional
Access 2002
Excel 2002
FrontPage 2002
Outlook® 2002
PowerPoint® 2002
Project 2002
Publisher® 2002
Visio® 2002
Word 2002
Visio Enterprise Network Tools
Office 2000 SR-1
Project 2000 SR-1
Windows XP Embedded
Windows CE .NET
Windows CE for Automotive
Mobility and Wireless Solutions for business
Mobile Devices
Pocket PC
Microsoft Smartphone Platform
Microsoft XBOX
Windows ME
Digital Asset Server
Microsoft Reader
Windows Media Player
Windows Media Rights Manager SDK
Windows Media Device DRM technology
Microsoft Secure Audio Path technology
Microsoft System Management Server
Windows File Protection System
Microsoft ActiveX technology, including all Microsoft tools that support the Microsoft ActiveX licensing model
All products that contain the Microsoft Common Language Runtime (CLR), Microsoft Compact CLR, or Microsoft implemented .Net Common Language Infrastructure
Application Center
BizTalk Server
Commerce Server
Content Management Server
Exchange Server
Host Integration Server
Internet Security and Acceleration Server
Mobile Information Server
SharePoint Portal Server
SQL Server
Windows 2000 Server
.NET Enterprise Services
.NET Infrastructure and Services
Microsoft Installer SDK
All products that contain the Microsoft Installer Technology
Microsoft .Net MyServices
Windows Hardware Quality Labs Certification Services
Office 2003 and included applications
Server 2003, including Microsoft hosted RMS Services using Passport

INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART
FOR U.S. PATENT NO. 5,892,900

155. Products infringing: Any product using Microsoft Product Activation or Reader Activation feature.

A virtual distribution environment comprising |
(a) a first host processing environment comprising | computer running a Microsoft product containing the Product Activation feature, including Windows XP, Office XP, Visio 2002. Reader using its activation feature.
(1) a central processing unit; | CPU of computer
(2) main memory operatively connected to said central processing unit; | main memory of computer
(3) mass storage operatively connected to said central processing unit and said main memory; | hard disk or other mass storage contained in computer
(b) said mass storage storing tamper resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper resistant software comprising: | Microsoft Product Activation software
(1) machine check programming which derives information from one or more aspects of said host processing environment, | Product Activation software generates hardware information relating to the host processing environment as part of the activation process
(2) one or more storage locations storing said information; | hardware information is stored in the computer's storage
(3) integrity programming which |
(i) causes said machine check programming to derive said information, | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(ii) compares said information to information previously stored in said one or more storage locations, and | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(iii) generates an indication based on the result of said comparison; and | Product Activation software indicates whether the test has passed or failed
(4) programming which takes one or more actions based on the state of said indication; |
(i) said one or more actions including at least temporarily halting further processing. | Product Activation software will allow system startup procedures to continue, if test succeeds, or discontinue startup and offer user opportunity to reactivate if the test fails

Product Infringing: Any product using Microsoft Product Activation or Reader Activation feature.

A virtual distribution environment comprising |
(a) a first host processing environment comprising | computer running a Microsoft product containing the Product Activation feature, including Windows XP, Office XP, Visio 2002 and Reader
(1) a central processing unit; | CPU of computer
(2) main memory operatively connected to said central processing unit; | main memory of computer
(3) mass storage operatively connected to said central processing unit and said main memory; | hard disk or other mass storage contained in computer
(b) said mass storage storing tamper resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper resistant software comprising: | Microsoft Product Activation software
(1) machine check programming which derives information from one or more aspects of said host processing environment, | Product Activation software generates hardware information relating to the host processing environment as part of the activation process
(2) one or more storage locations storing said information; | hardware information is stored in the computer's storage
(3) integrity programming which |
(i) causes said machine check programming to derive said information, | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(ii) compares said information to information previously stored in said one or more storage locations, and | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(iii) generates an indication based on the result of said comparison; and | Product Activation software indicates whether the test has passed or failed
(4) programming which takes one or more actions based on the state of said indication; |
(i) said one or more actions including at least temporarily disabling certain functions. | Product Activation may disable the underlying software from generating new files or running user applications if the test fails

Product Infringing: Any product using Microsoft Product Activation or Reader Activation feature.

A virtual distribution environment comprising |
(a) a first host processing environment comprising | computer running a Microsoft product containing the Product Activation feature, including Windows XP, Office XP, Visio 2002 and Reader
(1) a central processing unit; | CPU of computer
(2) main memory operatively connected to said central processing unit; | main memory of computer
(3) mass storage operatively connected to said central processing unit and said main memory; | hard disk or other mass storage contained in computer
(b) said mass storage storing tamper resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper resistant software comprising: | Microsoft Product Activation software
(1) machine check programming which derives information from one or more aspects of said host processing environment, | Product Activation software generates hash information relating to the host processing environment as part of the activation process
(2) one or more storage locations storing said information; | hardware information is stored in the computer's storage.
(3) integrity programming which |
(i) causes said machine check programming to derive said information, | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(ii) compares said information to information previously stored in said one or more storage locations, and | each time the Microsoft program starts up after initial activation, Product Activation checks the originally derived hardware information against current hardware
(iii) generates an indication based on the result of said comparison; and | Product Activation software indicates whether the test has passed or failed
(4) programming which takes one or more actions based on the state of said indication; |
(i) said one or more actions including displaying a message to the user. | Product Activation software displays a message to the user if the test fails

Products infringing: Windows Media Player

A virtual distribution environment comprising |
a first host processing environment comprising | WMP with Individualized DRM client (referred to hereafter as the Individualized WMP) running on a client computer
a central processing unit | Client CPU
main memory operatively connected to said central processing unit | Client memory
mass storage operatively connected to said central processing unit and said main memory | Local disk drive
said mass storage storing tamper resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper resistant software comprising: | Individualized WMP (I-WMP) stored on disk and loaded into main memory upon execution. I-WMP is tamper resistant.
machine check programming which derives information from one or more aspects of said host processing environment, | Individualization module is generated by the MS individualization service either when the un-individualized WMP tries to open licensed content that requires a security upgrade (aka, Individualization) or when the user requests an upgrade un-provoked. The individualization module is unique and signed and is bound to a unique hardware ID using the MS machine activation process.
one or more storage locations storing said information | The aforementioned unique features are located in multiple places or storage locations
integrity programming which |
causes said machine check programming to derive said information, | The ID is regenerated by WMP/DRM client when first loading the Individualized DRM Client to access a piece of content requiring the security upgrade.
compares said information to information previously stored in said one or more storage locations, and | The program checks the new copy against the one to which the individualized DRM client is bound.
generates an indication based on the result of said comparison; and | Program stores the result of this check.
programming which takes one or more actions based on the state of said indication | If these are not equal, the user is notified via a message stating that he/she must acquire a security upgrade (that is, the current security upgrade is invalid). If they are equal then processing of songs requiring Individualization continues.
said one or more actions including at least temporarily disabling certain functions. | Songs targeted to this Individualization module cannot be accessed until the upgrade is correct.

157. Infringing products include: Windows Media Player

A virtual distribution environment comprising |
a first host processing environment comprising | See 156
a central processing unit | See 156
main memory operatively connected to said central processing unit | See 156
mass storage operatively connected to said central processing unit and said main memory | See 156
said mass storage storing tamper resistant software designed to be loaded into said main memory and executed by said central processing unit, said tamper resistant software comprising: | See 156
machine check programming which derives information from one or more aspects of said host processing environment, | See 156
one or more storage locations storing said information | See 156
integrity programming which causes said machine check programming to derive said information compares said information to information previously stored in said one or more storage locations, and | See 156
generates an indication based on the result of said comparison; and | See 156
programming which takes one or more actions based on the state of said indication | See 156
said one or more actions including displaying a message to the user. | If these are not equal, the user is notified via a message stating that he/she must acquire a security upgrade (that is, the current security upgrade is invalid).
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L57. 



Infringing Product: Microsoft's Windows File 
Protection and System File Checker features, 
embodied in Microsoft's Windows 2000, 
Windows XP products, and Server 2003 



^ virtual distribution environment comprising 



a) a first host processing environment 
comprising 



computer running Microsoft Windows 2000 or 
Windows XP. 



(] ) a central processing unit; 



CPU of computer 



(2) main memory operatively connected 
to said central processing unit; 



main memory of computer 



(3) mass storage operatively connected 
to said central processing unit and said 
main memory; 



hard disk or other mass storage contained in 
computer 



b) said mass storage storing tamper resistant 
software designed to be loaded into said 
main memory and executed by said central 
processing unit, said tamper resistant 
software comprising; 



Windows File Protection process/service 
("WFP") and System File Checker (SFC.exe) 
features of winlogon.exe. Winlogon.exe is 
treated as a "critical" service by the Windows 
operating system. Files supporting WFP 
(including winlogon.exe, sfc.exe, sfc.dll (2000 
only), sfcfiles.dll (2000 only) and sfc_os.dll 
(XP only)) are "protected" files and are signed 
using a signature verified by a hidden key. In 
Windows 2000, WFP uses hidden functions 
within the sfc.dll library. Functions are 
imported by "ordinal" instead of "name/ 



(1 ) machine check programming which 
derives information from one or more 
aspects of said host processing 
environment, 



Winlogon either directly or using another dll 
(XP) or using SFC.dll (2000) determines if 
changed file was protected, computes the hash 
of protected files and, if necessary, computes 
the hash of the file in the dll cache before using 
it to replace a file overwritten by an incorrect 
version of the file. - 



(2) one or more storage locations 
storing said information; 



hardware information is stored in the 
computer's memory 



(3) integrity programming which 



(i) causes said machine check 
programming to derive said 
information, 



Windows notifies Winlogon when there has 
been a system directory change or a change in 
the dll cache. 



(ii) compares said information 
to information previously stored 
in said one oi more storage 
locations, and 



Winlogon either directly or using another dll 
(XP) or using SFC.dll (2000) compares 
computed hash with hash in the hash database 
created from the Catalog file(s), and, if there is 
a difference, compares the hash of the file in 
the dll cache to the hash database created from 
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the Catalog file(s) before using it to replace an 
overwritten file. 



(iii) generates an indication 
based on the result of said 
comparison; and



An event is written to the Event Viewer if 
hashes do not agree. 



(4) programming which takes one or 
more actions based on the state of said 
indication; 



Depending on the circumstances, WFP 
displays several messages to the user, 
including prompting the user to contact the
system administrator, and to insert a CD-ROM. 



See above. Messages also constitute viewable 
Event Property pop-ups. 



(i) said one or more actions 
including displaying a message 
to the user. 
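
The check sequence the chart attributes to WFP (is the changed file protected, does its hash match the catalog-derived database, does the cached copy also match before it is used for the restore) can be modelled as follows. This is an added illustration, not Microsoft's code or anything from the filing: the function names, the SHA-256 choice and the constructed sample files are assumptions, and a plain dictionary stands in for the signed catalog.

```python
import hashlib
import logging
import shutil
import tempfile
from pathlib import Path

log = logging.getLogger("wfp-model")


def sha256_file(path):
    """Hash a file's contents (SHA-256 is an assumption; the page names no algorithm)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_hash_db(trusted_dir):
    """Stand-in for the hash database created from the catalog file(s)."""
    return {p.name.lower(): sha256_file(p)
            for p in Path(trusted_dir).iterdir() if p.is_file()}


def handle_change(changed, hash_db, cache_dir):
    """React to a change notification for one file.

    Returns 'unprotected', 'ok', 'restored' or 'needs_media'.
    """
    changed = Path(changed)
    expected = hash_db.get(changed.name.lower())
    if expected is None:
        return "unprotected"          # not a protected file: nothing to do
    if changed.is_file() and sha256_file(changed) == expected:
        return "ok"                   # the change left the correct version in place
    log.warning("protected file %s does not match the hash database", changed.name)
    cached = Path(cache_dir) / changed.name
    # The cached copy is hashed as well: a tampered cache must never be restored.
    if cached.is_file() and sha256_file(cached) == expected:
        shutil.copyfile(cached, changed)
        return "restored"
    log.error("cached copy of %s is missing or invalid", changed.name)
    return "needs_media"              # caller prompts the user for installation media


def run_demo():
    """Exercise every outcome on constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        trusted, system, cache = root / "trusted", root / "system", root / "cache"
        for d in (trusted, system, cache):
            d.mkdir()
        # Constructed sample content, identical in all three locations at first.
        for name, data in {"a.dll": b"good-a", "b.dll": b"good-b"}.items():
            for d in (trusted, system, cache):
                (d / name).write_bytes(data)
        db = build_hash_db(trusted)

        results = {"untouched": handle_change(system / "a.dll", db, cache)}

        (system / "a.dll").write_bytes(b"overwritten")
        results["overwritten"] = handle_change(system / "a.dll", db, cache)
        results["after_restore"] = (system / "a.dll").read_bytes() == b"good-a"

        (system / "b.dll").write_bytes(b"overwritten")
        (cache / "b.dll").write_bytes(b"tampered cache")
        results["bad_cache"] = handle_change(system / "b.dll", db, cache)

        (system / "notes.txt").write_bytes(b"x")
        results["other"] = handle_change(system / "notes.txt", db, cache)
        return results


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(run_demo())
```
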
6.



Product Infringing: XBox 



A process comprising the following steps: 



The process constitutes assembly and use 
of components making up an XBox game. 



accessing a first record containing 
information directly or indirectly 
identifying one or more elements of a first 
component assembly,



The first record consists of the second file 
table on an XBox DVD. This table 
identifies the .xbe file which includes the 
game information. 



at least one of said elements including at 
least some executable programming, 



The xbe file includes executable 
programming. 



at least one of said elements constituting a 
load module, 



The xbe file is a load module. 



said load module including executable 
programming and a header; 



The xbe file includes a header. 



at least a portion of said header is a public 
portion which is characterized by a 
relatively lower level of security 
protection; and 



Most information in the xbe header is not
obfuscated. 



at least a portion of said header is a private 
portion which is characterized, at least 
some of the time, by a level of security 
protection which is relatively higher than 
said relatively lower level of security 
protection. 



The entry point address and the kernel 
image thunk address listed in the xbe 
header are obfuscated and therefore at a 
higher level of security protection. 



using said information to identify and 
locate said one or more elements; 



The second file table identifies the .xbe 
file, including where that file is located. 



accessing said located one or more 
elements; 



The .xbe file is accessed by the XBox. 



securely assembling said one or more 
elements to form at least a portion of said 
first component assembly; 



At runtime, the .xbe file is assembled with 
certain services of the operating system to 
form a component assembly. Security 
associated with this assembling process 
includes verifying signatures associated 
with portions of the .xbe file, and replacing 
obfuscated calls to operating system 
services with actual addresses. 

The assembly may also include patch files 
downloaded from a remote server. 



executing at least some of said executable
programming; and



Game play requires execution of the
assembled programming.



checking said record for validity prior to 
performing said executing step. 



The second file table is protected by a 
digital signature, and is not loaded/used 
unless the digital signature is verified 
against the file. 



7. A process as in claim 6 in which: 



said relatively lower level of security 
protection comprises storing said public 
header portion in an unencrypted state; and 



The header is protected by the techniques 
protecting the xbe such as signing and 
security descriptors, but it is not encrypted 
except as noted below. 



said relatively higher level of security 
protection comprises storing said private 
header portion in an encrypted state. 



The entry point address and the kernel 
image thunk address listed in the xbe
header are obfuscated. The Xbox SDK's 
(XDK) image build uses a key value shared 
with the retail XBox to perform two XOR 
operations against the addresses 



8.



Infringing products: Microsoft CLR or CCLR 
and .NET Framework SDK and products that 
include one or both of these. 



A process comprising the following steps:



(a) accessing a first record containing
information directly or indirectly identifying
one or more elements of a first component
assembly,



The first record is either an assembly manifest, 
or a whole assembly; the elements are other 
assemblies that are referenced as external in 
the first record; the first component assembly 
is a .NET application domain.



(1) at least one of said elements 
including at least some executable 
programming, 



Assembly contains executable programming. 



(2) at least one of said elements 
constituting a load module, 



This is an external assembly referenced in the 
first record. 



(i) said load module including 
executable programming and a 
header; 



Assemblies include executable programming, 
and the assembly manifest and CLS type 
metadata constitute a header. 



(ii) said header including an 
execution space identifier 
identifying at least one aspect of 
an execution space required for 
use and/or execution of the load 
module associated with said 
header: 



This feature is provided for in the .NET 
architecture through numerous mechanisms, 
for example, by demands for ZoneID
permissions. 



(iii) said execution space 
identifier provides the capability 
for distinguishing between 
execution spaces providing a 
higher level of security and 
execution spaces providing a 
lower level of security; 



Security Zone or other evidence provides this 
capability. 



(b) using said information to identify and
locate said one or more elements;



Manifest and type metadata information 
section is used to identify and locate files, code 
elements, resource elements, individual classes 
and methods. 



(c) accessing said located one or more
elements;



Step carried out by the CLR or CCLR loader. 



(d) securely assembling said one or more
elements to form at least a portion of said first
component assembly;



CLR or CCLR carries out this step, including 
checking the integrity of the load module, 
checking the load module's permissions, 
placing the load module contents into an 
application domain, isolating it from malicious
or badly behaved code, and from code that
does not have the permission to call it. 



(e) executing at least some of said executable
programming; and



Step carried out by the CLR/CCLR and the
CLR/CCLR host.



(f) checking said record for validity prior to

performing said executing step. 

9. A process as in claim 8 in which said 
execution space providing a higher level of 
security comprises a secure processing 

environment.

13. A process as in claim 8 further comprising: 
(a) comparing said execution space identifier 
against information identifying the execution 
space in which said executing step is to occur; 
and 



(b) taking an action if said execution space 
identifier requires an execution space with a 
security level higher than that of the execution 
space in which said executing step is to occur. 



14. A process as in claim 13 in which said 
action includes terminating said process prior 
to said executing step. 



The CLR/CCLR checks the authenticity and 
the integrity of the first .NET assembly. 
The CLR/CCLR constitutes a secure 
processing environment. 



In one example, the
ZoneIdentityPermissionAttribute Security Zone
value demanded by control in the assembly
manifest is compared against the Security Zone
attribute value corresponding to the calling
method.

CLR/CCLR will throw an exception and
transfer control to an exception handler in the
calling routine, or it will shut down the
application if there is no such exception
handler, if the permissions do not include the
permissions required by the
ZoneIdentityPermissionAttribute. The
ZoneIdentityPermissions are hierarchical,
unless customized.

CLR/CCLR may terminate the process or 
transfer control to an exception handler that 
may itself terminate the process. 
Products infringing include Windows Installer
SDK, and products that include the Windows 
Installer technology. 



A process comprising the following steps: 



Scenario 1: use of Windows Installer packages 
(i.e. .MSI files) to create Windows Installer- 
enabled applications, such as Office 2000 and 
use of the WI service to install them.
Scenario 2: software distribution technologies 
that use the Windows Installer OS service for 
installation, such as Internet Component 
Download and products like Office Web 
Components. 

Either scenario can be used by SMS,
IntelliMirror and third party tools like
InstallShield and WISE.

NT or later operating systems (because they
use the subsystem identifier)

using cabinet files, .CAB, (because they have a
manifest and INF and/or OSD files), and

have been signed with a digital signature and
will be authenticated by Authenticode or
WinVerifyTrust API and

contain at least one PE (portable executables)



(a) accessing a first record containing
information directly or indirectly identifying
one or more elements of a first component
assembly,



Scenario 1: First record is the .MSI file that
contains information on what goes in the
assembly and how to install the assembly.

Scenario 2: 



A. First record is the cabinet manifest 
(indirect instructions) 

B. Or, First record can be INF and/or OSD 
files (direct instructions) 



(1) at least one of said elements 
including at least some executable 
programming, 



Both scenarios: The PE (portable executable) 
in the cabinet file is the executable 
programming. 



(2) at least one of said elements 
constituting a load module,



Both scenarios: PE is a load module.



(i) said load module including
executable programming and a
header;



Both scenarios: The PE has several headers.



(ii) said header including an 
execution space identifier 
identifying at least one aspect of 
an execution space required for 
use and/or execution of the load
module associated with said 
header: 



Both scenarios: SUBSYSTEM is a field in the
PE Optional Header that is an execution space 



(iii) said execution space 
identifier provides the capability 
for distinguishing between 
execution spaces providing a 
higher level of security and 
execution spaces providing a 
lower level of security; 



Both scenarios: SUBSYSTEM distinguishes 
between programs that can run in kernel mode 
and those that can run in user mode. This is a
key security concept of process separation that 
was introduced with Windows NT. 

The Subsystem field in the PE header is used
by the system to indicate whether the
executable will run within Ring 3 (user mode)
or use Ring 0 (native or kernel mode). 
Anything running in Ring 3 is limited to its 
own processing space. Executables running in 
Ring 0 can reach out to other spaces and have 
security measure built around them. 



(b) using said information to identify and
locate said one or more elements;



Scenario 1: the MSI file identifies and locates 
the elements 

Scenario 2: 

.CAB manifest is used to identify Physical 
location 

OSD and/or INF is used to identify Logical 
location 



(c) accessing said located one or more
elements;



Scenario 1: Using the MSI file

Scenario 2: Using INF and/or OSD in cabinet 
file 



(d) securely assembling said one or more
elements to form at least a portion of said first
component assembly;



Both scenarios: Using the Windows Installer
OS service with various properties and flags on 
the settings for higher protection. 

Windows Installer has numerous flags that the 
developer can set to indicate how the assembly 
will be installed, in what privilege level, with 
how much user interface, and how much ability 
the user has to watch or change what is 
occurring. These controls have been
strengthened with each release of Windows
Installer. Windows Installer 1.1 and later has
the ability to limit the user's capabilities during
the installation. In a Windows 2000
environment and later, using the Group Policy-
based Change and Configuration Management,
the administrator has the most control.

Fields that can be set by the developer or 
administrator to control what users can do 
include the following: 

TransformsSecure can be set to a value of 1
to inform the installer that transforms are to be 
cached locally on the user's computer in a 
location the user does not have write access. 
(Transforms create custom installations from a 
basic generic installation, for example to make 
the Finance versions different from the 
Marketing version or English versions different 
from Japanese versions.) 

AllowLockdownBrowse and DisableBrowse
can prevent users from browsing to the
sources. 

SourceList can be used to specify the only 
allowable source to be used for the installation 
of a given component. 

Environment can be used to specify whether 
the installation can be done while the user is 
logged on or only when no user is logged on. 

Security Summary Property conveys whether 
a package can be opened as read-only or with
no restriction. 

Privileged Property is used by developers of 
installer packages to make the installation 
conditional upon system policy, the user being 
an administrator, or assignment by an 
administrator. 

Restricted Public Properties can be set as 
variables for an installation. "For managed 
installations, the package author may need to 
limit which public properties are passed to the 
server side and can be changed by a user that is 
not a system administrator. Some are 
commonly necessary to maintain a secure 
environment when the installation requires the 
installer use elevated privileges."
SecureCustomProperties can be created by the 
author of an installation package to add 
controls beyond the default list. 

MsiSetInternalUI specifies the level of user
interface from none to full. 

A Sequence Table can be used to specify the 
required order of execution for the installation 
process. There are three modes, one of which is 
the Administrative Installation that is used by 
the network administrator to assign and install
applications. 

InstallServicesAction registers a service for
the system and it can only be used if the user is
an administrator or has elevated privileges with
permission to install services or that the
application is part of a managed installation.

DisableMedia system policy disables media
sources and disables browsing to media
sources. It can be used with DisableBrowse to
secure installations version 1.1 that doesn't
have some of the other capabilities.

AlwaysInstallElevated can be set per user or
per machine and is used to install managed
applications with elevated privileges.

AllowLockdownBrowse,
AllowLockdownMedia and
AllowLockdownPatch set these capabilities so
they can only be performed by an administrator
during an elevated installation.

[See article "HowTo: Configure Windows
Installer for Maximum Security" (Q247528).]

Windows XP Professional and .NET have the
additional capability to set Software Restriction
Policies and have these used by Windows
Installer.

In addition, most of the software distribution
technologies that use Windows Installer also
add a layer of their own controls. For example,
SMS 2.0 enables the administrators to control
whether the installation is optional or required and
whether the user can affect the installation
contents/features at all.



(e) executing at least some of said executable
programming; and



Both scenarios: Part of executable is called 
during installation in order to do self- 
registration or perform custom actions. The 
overall executable is used at runtime. 



(f) checking said record for validity prior to
performing said executing step.



Scenario 1: Sign the overall package and the
cabinet files. 

Scenario 2: The cabinet file is signed. 

For IE with the default security level or higher, 
the digital signature is verified by 
Authenticode or a similar utility before the 
component is allowed to be assembled. 
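
The Subsystem field the chart relies on sits at offset 68 of the PE Optional Header in both PE32 and PE32+ images. The following added example (not from the filing; the helper names and the constructed sample images are assumptions) reads that field and lists the payloads of a package that declare the native subsystem, the value used by device drivers and native system processes.

```python
import struct

# Subsystem values from the PE/COFF specification (subset).
SUBSYSTEM_NAMES = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
IMAGE_SUBSYSTEM_NATIVE = 1
SUBSYSTEM_OFFSET = 68          # same offset in PE32 and PE32+ optional headers


class PEFormatError(ValueError):
    """Raised when the input is not a well-formed PE image."""


def read_subsystem(data):
    """Return the numeric Subsystem field of a PE image held in `data`."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Signature (4 bytes) plus COFF file header (20 bytes) must fit in the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing or truncated PE signature")
    (size_opt,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    if size_opt < SUBSYSTEM_OFFSET + 2 or opt + SUBSYSTEM_OFFSET + 2 > len(data):
        raise PEFormatError("optional header too short to hold Subsystem")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):            # PE32 / PE32+
        raise PEFormatError("unknown optional header magic")
    (subsystem,) = struct.unpack_from("<H", data, opt + SUBSYSTEM_OFFSET)
    return subsystem


def subsystem_name(data):
    """Human-readable name for the image's Subsystem value."""
    value = read_subsystem(data)
    return SUBSYSTEM_NAMES.get(value, "UNKNOWN(%d)" % value)


def native_payloads(files):
    """Given {name: bytes}, return the sorted names whose Subsystem is NATIVE."""
    flagged = []
    for name, data in files.items():
        try:
            if read_subsystem(data) == IMAGE_SUBSYSTEM_NATIVE:
                flagged.append(name)
        except PEFormatError:
            continue                            # not a PE image (INF, text, ...)
    return sorted(flagged)


def make_sample_pe(subsystem, pe32_plus=False):
    """Build a constructed, header-only PE image for the demonstration."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)     # e_lfanew: PE header follows directly
    opt = bytearray(0xF0 if pe32_plus else 0xE0)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, SUBSYSTEM_OFFSET, subsystem)
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32_plus else 0x14C,
                       0, 0, 0, 0, len(opt), 0x0002)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    package = {                                  # constructed package contents
        "sample.sys": make_sample_pe(1),
        "setup.exe": make_sample_pe(2),
        "tool64.exe": make_sample_pe(3, pe32_plus=True),
        "device.inf": b"[Version]\r\n",
    }
    for name, blob in package.items():
        try:
            print(name, subsystem_name(blob))
        except PEFormatError as exc:
            print(name, "not a PE image:", exc)
    print("native:", native_payloads(package))
```
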
35.



Products infringing include all products that 
host the Microsoft .NET Common Language 
Runtime or Compact Common Language 
Runtime. 



A process comprising the following steps: 



Computer running the Microsoft CLR/CCLR 
receives, for example, a shared assembly 
header or a complete shared assembly from 
another computer, for example a server.



(a) at a first processing environment receiving
a first record from a second processing
environment remote from said first processing
environment;



(1) said first record being received in a 
secure container; 



The shared assembly is cryptographically 
hashed and signed. 



(2) said first record containing 
identification information directly or 
indirectly identifying one or more 
elements of a first component 
assembly; 



The first record is either an assembly manifest, 
or a whole assembly; the elements are other 
assemblies that are referenced as external in 
the first record; the first component assembly 
is a .NET application domain. 



(i) at least one of said elements 
including at least some 
executable programming; 



Assembly contains executable programming. 



(ii) said component assembly 
allowing access to or use of 
specified information; 



The specified information can include any kind 
of data file, stream, log, environment variables, 
etc. 



(3) said secure container also including 
a first of said elements; 



The shared assembly includes at least some 
executable programming. 



(b) accessing said first record



CLR/CCLR accesses the assembly or
assembly header.



(c) using said identification information to
identify and locate said one or more elements;



Manifest and type metadata information 
section is used to identify and locate files, code 
elements, resource elements, individual classes 
and methods. 



(1) said locating step including locating 
a second of said elements at a third 
processing environment located 
remotely from said first processing 
environment and said second 
processing environment; 



Met by a multifile assembly, with files 
distributed across a network, or by the second 
element constituting another referenced 
assembly located elsewhere; the CLR/CCLR 
uses probing to locate and access the file. 



(d) accessing said located one or more
elements;



Step carried out by the CLR/CCLR loader. 



(1) said element accessing step 
including retrieving said second 
element from said third processing 
environment;



Step carried out by the CLR/CCLR loader. 



(e) securely assembling said one or more
elements to form at least a portion of said first
component assembly specified by said first
record; and



CLR/CCLR carries out this step, including 
checking the integrity of the load module,
checking the load module's permissions, 
placing the load module contents into an 
application domain, isolating it from malicious 
or badly behaved code, and from code that 
does not have the permission to call it.



(f) executing at least some of said executable
programming,



Step carried out by the CLR/CCLR.



(1) said executing step taking place at
said first processing environment.



CLR/CCLR is operating in the first processing
environment specified above.


34.



A descriptive data structure embodied on a 
computer-readable medium or other logic 
device including the following elements: 
a representation of the format of data 
contained in a first rights management data 
structure 



Product Infringing: Microsoft Operating 
Systems that support device driver 
signature technology 



The driver package's INF is a data 
structure. The INF contains multiple types 
of sections, structured as hierarchy 
"branches," that the Windows operating
system or its Plug and Play and/or Set-up 
installation services "branch" through 
based on the operating system information 
and device for which a driver is to be 
installed. The installation services use the 
"branching" structure (format) to determine 
what files should be installed. The INF
further provides disk location information 
and file directory path information for the 
files identified as necessary as a result of 
the "branching" process. 

The driver package is a "rights 
management" data structure based on the 
fact that it is governed and based on the 
fact that it processes governed information. 

Rights Management as Governed Item 

A driver manufacturer can include rules 
governing the driver's installation and/or
use in the driver's INF file. For example: 

Security entries specify an access control 
list for the driver. 

Driver developers can specify rules that 
determine behavior of the driver package 
based on the user's operating system 
version, including product type and suite 
and the device for which the driver is to be
installed.

Rules specifying logging 

Local administrators can establish policy as 
to what action or notification should occur
in the event that a driver being installed is 
not signed. 
The operating system installation services
have a ranking criteria it follows when 
multiple drivers are available for a newly 
detected device. The criterion is used to 
determine the driver best suited for 
ensuring compatibility with the operating 
system and ensuring functionality of the 
device. 

Drivers have been certified to be 
compatible with specified operating system 
versions for their respective device classes. 
The catalog file protects the integrity of the 
driver. 

Microsoft distributes the Driver Protection 
List to prevent known bad drivers from
being installed. 

Processing Rights Managed Items 

Certain drivers (SAP) have been explicitly 
certified to protect DRM content. 

MSDN - DRM Overview 



A DRM-compliant driver must prevent 
unauthorized copying while digital content 
is being played. In addition, the driver must 
disable all digital outputs that can transmit 
the content over a standard interface (such 
as S/PDIF) through which the decrypted 
content can be captured. 



said representation including: 



element information contained within 
said first rights management data 
structure; and 



The elements of a driver package include: 
A driver that is typically a dynamic-link 
library with the .sys filename extension. 
An INF file containing information that the 
system Setup components use to install 
support for the device. 
A driver catalog file containing the digital 
signature. 

One or more optional co-installers which 
are a Win32® DLL that assists in device 
installation on NT-based operating systems.
Other files, such as a device installation 
application, a device icon, and so forth. 

XP DDK - INF Version Section 



The LayoutFile entry specifies one or more 
additional system-supplied INF files that
contain layout information on the source 
media required for installing the software 
described in this INF. All system-supplied
INF files specify this entry. 

The CatalogFile entry specifies a catalog 
(.cat) file to be included on the distribution
media of a device/driver. 



organization information regarding 
the organization of said elements 
within said first rights management 
data structure; and 



Within an INF is a hierarchy with the top 
being a list of manufacturers, and sub-lists 
of models and at the bottom a list of install
information by model. 

For Windows XP and later versions of NT- 
based operating systems, entries in the 
Manufacturer section can be decorated to 
specify operating system versions. The 
specified versions indicate OS versions 
with which the specified INF Models 
sections will be used. If no versions are 
specified, Setup uses the specified Models 
section for all versions of all operating 
systems. 

INF's SourceDisksNames and 
SourceDisksFiles sections specify 
organization information. 
XP DDK - Source Media for INFs 



The methods you should use to specify 
source media for device files depend on 
whether your INFs ship separately from the 
operating system or are included with the 
operating system. 
INFs for drivers that are delivered 
separately from the operating system 
specify where the files are located using 
SourceDisksNames and SourceDisksFiles 
sections. 

If the files to support the device are 
included with the operating system, the 
INF must specify a LayoutFile entry in the 
Version section of the file. Such an entry 
specifies where the files reside on the 
operating system media. An INF that 
specifies a LayoutFile entry must not 
include SourceDisksNames and 
SourceDisksFiles sections. 
XP DDK - INF SourceDisksNames Section



A SourceDisksNames section identifies 
the distribution disks or CD-ROM discs 
that contain the source files to be 
transferred to the target machine during
installation. Relevant values of an entry in
the INF include: 
diskid — Specifies a source disk. 
disk-description - Describes the contents
and/or purpose of the disk identified by
diskid.

tag-or-cab-file - This optional value
specifies the name of a tag file or cabinet file
supplied on the distribution disk, either in
the installation root or in the subdirectory
specified by path, if any.
path - This optional value specifies the
path to the directory on the distribution
disk containing source files. The path is
relative to the installation root and is
expressed as \dirname1\dirname2... and so
forth.

flags - For Windows XP and later, setting
this to 0x10 forces Setup to use cab-or-tag-
file as a cabinet file name, and to use tag-
file as a tag file name. Otherwise, flags is
for internal use only.
tag-file - For Windows XP and later, if
flags is set to 0x10, this optional value
specifies the name of a tag file supplied on
the distribution medium, either in the
installation root or in the subdirectory
specified by path. The value should specify
the file name and extension without path
information.

XP DDK - INF SourceDisksFiles Section
A SourceDisksFiles section names the
source files used during installation,
identifies the source disks (or CD-ROM
discs) that contain those files, and provides
the path to the subdirectories, if any, on the
distribution disks containing individual
files. Relevant values in an entry in the
INF would include:

filename - Specifies the name of the file on
the source disk.

diskid - Specifies the integer identifying
the source disk that contains the file. This
value and the initial path to the
subdirectory, if any, containing the
named file must be defined in a
SourceDisksNames section of the same
INF.

subdir - This optional value specifies the
subdirectory (relative to the
SourceDisksNames path specification, if
any) on the source disk where the named
file resides.



Exhibit B



information relating to metadata, said
metadata including:



metadata rules used at least in part to
govern at least one aspect of use and/or
display of content stored within a rights
management data structure,



The driver manufacturer can specify rules in
the INF that govern the installation and/or
use of the driver. For example, security
entries specify an access control list for the
driver. Driver developers can specify rules
in an INF file that determines behavior of 
the driver package based on the user's 
operating system version, including 
product type and suite. Also, rules related 
to logging can be specified as mentioned in 
next claim element. 

For Example - Access Control List
Rules 

XP DDK - Tightening File-Open 
Security in a Device INF File 
For Microsoft Windows 2000 and later, 
Microsoft tightened file-open security in 
the class installer INFs for certain device 
classes, including CDROM, DiskDrive, 
FDC, FloppyDisk, HDC, and 
SCSIAdapter. 

If you are unsure whether the class installer 
for your device has tightened security on 
file opens, you should tighten security by 
using the device's INF file to assign a value 
to the DeviceCharacteristics value name 
in the registry. Do this within an add- 
registry-section, which is specified using 
the INF AddReg directive. 
XP-DDK INF AddReg Directive 

An INF can also contain one or more, 
optional add-registry-section.security 
sections, each specifying a security 
descriptor that will be applied to all registry 
values described within a named add- 
registry-section. 

A Security entry specifies a security 
descriptor for the device. The security- 
descriptor-string is a string with tokens to 
indicate the DACL (D:) security 
component. A class-installer INF can 
specify a security descriptor for a device 
class. A device INF can specify a security 
descriptor for an individual device, 
overriding the security for the class. If the 
class and/or device INF specifies a 
security-descriptor-string, the PnP 
Manager propagates the descriptor to all 
the device objects for a device, including 
the FDO, filter DOs, and the PDO. 

For Example - Operating System 
Versioning 

Operating-System Versioning for Drivers
under Windows XP

Setup selects the [Models] section to use
based on the following rules:

If the INF contains [Models] sections for
several major or minor operating system
version numbers, Setup uses the section
with the highest version numbers that are
not higher than the operating system
version on which the installation is taking
place.

If the INF [Models] sections that match the
operating system version also include
product type decorations, product suite
decorations, or both, then Setup selects the
section that most closely matches the
running operating system.



said metadata rules including at least
one rule specifying that information
relating to at least one use or display of
said content be recorded and/or
reported.



The AddService directive can set up event- 
logging services for drivers. 
INF AddService Directive 
An AddService directive is used to control 
how (and when) the services of particular 
Windows 2000 or later device's drivers are 
loaded, any dependencies on other 
underlying legacy drivers or services, and 
so forth. Optionally, this directive sets up 
event-logging services by the 
devices/drivers as well. 
Relevant sections of the directive's entry 
include: 

event-log-install-section - Optionally
references an INF-writer-defined section in 
which event-logging services for this 
device (or devices) are set up. 
EventLogType -- Optionally specifies one 
of System, Security, or Application. If 
omitted, this defaults to System, which is 
almost always the appropriate value for the 
installation of device drivers. For example, 
an INF would specify Security only if the 
to-be-installed driver provides its own 
security support. 

EventName - Optionally specifies a name
to use for the event log. If omitted, this 
defaults to the given ServiceName. 



35. A descriptive data structure as in claim
34, in which: 



said first rights management data structure
comprises a first secure container.



The driver package is secured through a 
catalog file that is signed by Microsoft's 
Windows Hardware Quality Lab and 
contains the hash of each file of the driver's
package. The INF identifies the catalog
file used to sign the driver package.






36. A descriptive data structure as in claim 
35, in which: 






said first secure container comprises:


The first secure container is the driver
package secured by a catalog file.




said content; and 


The content is the driver and related files
within the signed driver package. 




rules at least in part governing at least
one use of said content.


The rules are within the INF, which is part
of the signed driver package.








37. A descriptive data structure as in claim 
36, wherein the descriptive data structure is 
stored in said first secure container. 


The INF is stored within the signed driver
package. 








44. A descriptive data structure as in claim
34, further including:






a representation of the format of data 
contained in a second rights management 
data structure, 


The manufacture and models sections in 
the INF Version section are provided for 
the possibility of a single INF representing 
the format for multiple drivers. 




Operating system version "decorating"
relating the architecture, major and minor
operating systems versions, product and
suite information all relate to the target
environment and is used to identify the
files necessary for the target environment.






An INF file, such as in the case of 
operating system targeting, can be used for 
more than one driver package since it can 
contain more than one catalog file. 




Further, an INF can address the drivers
necessary for a multi-functional device.




said second rights management data 
structure differing in at least one respect 
from said first rights management data 
structure. 


The files of the second data structure would 
vary from the files on the first data 
structure. 








45. A descriptive data structure as in claim
44, in which:






said information regarding elements 
contained within said first rights 
management data structure includes 
information relating to the location of at 
least one such element. 


INFs specify where the driver files are
located using the SourceDiskNames and 
SourceDiskFiles sections. 








46. A descriptive data structure as in claim
44, further including:






a first target data block including
information relating to a first target
environment in which the descriptive data
structure may be used.



Operating system version "decorating"
relating the architecture, major and minor
operating systems versions, product and
suite information all relate to the first target
environment.



47. A descriptive data structure as in claim
46, further including:



a second target data block including 
information relating to a second target
environment in which the descriptive data 
structure may be used. 



Operating system version decorating will
cover multiple operating systems.



said second target environment differing in 
at least one respect from said first target 
environment. 



This is the reason for version decorating. 



48. A descriptive data structure as in claim
46, further including:



a source message field containing 
information at least in part identifying the 
source for the descriptive data structure. 



The provider entry in the version section of 
the INF identifies the provider of the INF
file. Also, the INF contains a manufacture 
section. 
58.



Product Infringing: Microsoft Reader SDK 
and Microsoft Digital Asset Server. 



A method of creating a first secure
container, said method including the
following steps:



Method is carried out by Microsoft's 
Digital Asset Server and Microsoft's 
Litgen tools



a) accessing a descriptive data structure, 
said descriptive data structure 
including or addressing 



.opf file describing the file structure of a 
protected e-book including metadata, 
manifest and "spine" information 



Organization information regarding 
organization of the ebook and the 
inscription as specified in the manifest and 
spine information in the .opf file 



(1) organization information at least
in part describing a required or 
desired organization of a content 
section of said first secure 
container, and 



(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container;



Metadata constitutes rules specifying the 
degree of security to use and/or XrML 
rules 



b) using said descriptive data structure to 
organize said first secure container 
contents 



e-book packaging carried out by Microsoft 
Litgen tool 



c) using said metadata information to at 
least in part determine specific 
information required to be included in 
said first secure container contents;
and



Step performed by Digital Asset Server; 
example of specific information is 
owner/purchaser information required in 
the inscription process 



d) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. 



Analyzing the metadata and finally 
packaging the e-book using a particular 
security level specified through the 
metadata 



71. A method as in claim 58, in which:



a) said specific information required to 
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents. 



Owner/purchaser information required in
the inscription process; XrML rule 
requiring display of copyright notice 
58.



A method of creating a first secure 
container, said method including the 
following steps; 



(a) accessing a descriptive data structure, 
said descriptive data structure 
including or addressing 

(1) organization information at least 
in part describing a required or 
desired organization of a content 
section of said first secure
container, and

(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container; 



(b) using said descriptive data structure to 
organize said first secure container 
contents; 



(c) using said metadata information to at 
least in part determine specific 
information required to be included in 
said first secure container contents; 
and 

(d) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. 



64. A method as in claim 58, in which: 

(a) said creation of said first secure 
container occurs at a first data 
processing arrangement located at a 
first site; 

(b) said first data processing arrangement 
including a communications port; and

(c) said method further includes: 

(1) prior to said step of accessing said 

descriptive data structure, said 



Product Infringing: All products that host 
the Microsoft Common Language Runtime 
or Compact Common Language Runtime. 
Method is practiced by a user using the 
Common Language Runtime (CLR) or 
Compact Common Language Runtime 
(CCLR) to create a dynamic shared 
assembly or .NET Framework SDK to
create a shared assembly

.NET framework Assembly class and/or
AssemblyBuilder class and/or
AssemblyInfo file

This information is specified in the classes
named above and in the AssemblyInfo file.



This information is addressed in the classes
and the AssemblyInfo file, e.g., for a shared
assembly metadata will be specified that
the assembly is to be signed using specified
key

This step is carried out by applications and
tools using the classes and assembly info
file, including CLR (or CCLR) and .NET
Framework SDK

This step is carried out by applications and 
tools using the assembly info file and 
classes that specify the metadata required 
in the target assembly 

User may specify rules, as specified in the 
.NET Framework SDK, to be placed in the 
assembly manifest including such rules 
requiring that all code be managed (CLR or 
CCLR compliant), "Code Access Security" 
permissions be supplied for use of code 
supplied in the assembly, etc 

Can be a server, PC or workstation running
CLR (or CCLR) to create a dynamic shared
assembly or .NET Framework SDK to
create a shared assembly

Included in virtually any computer



first data processing arrangement
receiving said descriptive data
structure from a second data
processing arrangement located at
a second site,



Download of the AssemblyInfo file and/or a
file containing a class calling the
DefineDynamicAssembly methods or
download of SDK containing
AssemblyBuilder class from a second site



(d) said receipt occurring through said first
data processing arrangement 
communications port. 



Communications port is normally used for 
downloading 



67. A method as in claim 64, further 
comprising: 



at said first processing site, receiving said 
metadata through said communications 
port. 



Download of the AssemblyInfo file and/or
a file containing a class calling the
DefineDynamicAssembly methods or
download of SDK containing
AssemblyBuilder class from a second site



68. A method as in claim 67, in which:
(a) said metadata is received separately
from said descriptive data structure.



71. A method as in claim 58, in which:



Method practiced when metadata names are 
addressed by the assembly class and a 
template for the AssemblyInfo file, and
values corresponding to those names are 
received through a user interface such as 
provided by Microsoft Visual Studio or are 
provided from a separate file 



(a) said specific information required to 
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents. 



The Assembly class definition includes 
attributes for company name and trademark 
information, and these may be required 
attributes specified in the AssemblyInfo file



72. A method as in claim 58, in which: 



(a) said specific information required to 
be included includes a copyright 
notice. 



The Assembly class definition includes an 
attribute for copyright field that may be 
required by the AssemblyInfo file
58.


Product Infringing: Microsoft .NET 
Framework, Visual Studio .NET, and tools 
that include the Assembly Generator tool 
AL.exe. 


A method of creating a first secure 
container, said method including the 
following steps; 


The Assembly Generation tool generates 
a portable execution file with an assembly 
manifest from one or more files that are 
either Microsoft intermediate language 
(MSIL) modules or resource files. When 
using the tool's signing option, the 
assembly becomes a secure container. 


(a) accessing a descriptive data structure, 
said descriptive data structure 
including or addressing 


The descriptive data structure is the text 
file used as input by the Assembly 
Generation tool. 


(1) organization information at least 
in part describing a required or 
desired organization of a content 
section of said first secure 
container, and 


The DDS specifies the link and/or embed
directives to indicate which source files 
should be included in the assembly, how 
the included resource will be tagged, and if 
the resource will be private. Private 
resources are not visible to other 
assemblies. 

These tags are used to organize the 
assembly into named sections. 
Private attributes are used to organize the 
assembly into both public and private 
sections. (Public sections are the default.) 


(2) metadata information at least in 
part specifying at least one step 
required or desired in creation of 
said first secure container; 


The text file can contain "options" relating 
to how the assembly should be built and 
additional information that should be 
included. 

Main - Specifies the method to use as
an entry point when converting a
module to an executable file.
Algid - Specifies an algorithm to hash
all files.
Comp - Specifies string for the
Company field.
Conf - Specifies string for
Configuration field.
Copy - Specifies string for Copyright
field.
Culture - Specifies the culture string to
associate with the assembly.
Delay - Variation of this option
specifies whether the assembly will be
fully or partially signed and whether the
public key is placed in the assembly.
Description - Specifies the description
field.
Evidence - Embeds file in the assembly
with the resource name
Security.Evidence.
Fileversion - Specifies the file version
of the assembly.
Flags - Specifies flags for such things
as the assembly is side-by-side
compatible, assembly cannot execute
with other versions if either they are
executing in the same application
domain, process or computer.
Keyf - Specifies a file that contains a
key or key pair to sign an assembly.
Keyn - Specifies the container that holds
a key pair.
Product - Specifies string for Product
field.
Productv - Specifies string for Product
Version.
Template - Specifies the assembly from
which to inherit all assembly metadata.
Title - Specifies string for Title field.
Trade - Specifies string for Trademark
field.
V - Specifies version information.


(b) using said descriptive data structure to 
organize said first secure container 
contents 


The following directives are used to specify 
which files are to be compiled into the 
assembly, how they will be tagged, and 
whether or not they will be visible to other 
assemblies, AKA private: 

Embed[name, private] - copies the
content of the file into the assembly and
applies an optional name tag, and
optional private attribute.
Link[name, private] - file becomes part
of the assembly via a link and applies an
optional name tag, and optional private
attribute.


(c) using said metadata information to at
least in part determine specific
information required to be included in
said first secure container contents;
and


The following are some of the "options"
that address what information should be
included in the secure container:

Main - Specifies the method to use as
an entry point when converting a
module to an executable file.
Comp - Specifies string for the
Company field.
Conf - Specifies string for
Configuration field.
Copy - Specifies string for Copyright
field.
Culture - Specifies the culture string to
associate with the assembly.
Description - Specifies the description
field.
Evidence - Embeds file in the assembly
with the resource name
Security.Evidence.
Fileversion - Specifies the file version
of the assembly.
Flags - Specifies flags for such things
as the assembly is side-by-side
compatible, assembly cannot execute
with other versions if either they are
executing in the same application
domain, process or computer.
Keyf - Specifies a file that contains a
key or key pair to sign an assembly.
Keyn - Specifies the container that holds
a key pair.
Product - Specifies string for Product
field.
Productv - Specifies string for Product
Version.
Template - Specifies the assembly from
which to inherit all assembly metadata.
Title - Specifies string for Title field.
Trade - Specifies string for Trademark
field.
V - Specifies version information.


(d) generating or identifying at least one 
rule designed to control at least one 
aspect of access to or use of at least a 
portion of said first secure container 
contents. 


User may specify rules, as specified in the 
.NET Framework SDK, to be placed in the 
assembly manifest including such rules 
requiring that all code be managed (CLR 
compliant), "Code Access Security" 
permissions be supplied for use of code 
supplied in the assembly, etc. 


71. A method as in claim 58, in which: 




(a) said specific information required to
be included includes information at 
least in part identifying at least one 
owner or creator of at least a portion of 
said first secure container contents. 


The following "options" specify owner
and creator information:

Comp - Specifies string for the
Company field.
Copy - Specifies string for Copyright
field.
Trade - Specifies string for Trademark
field.


72. A method as in claim 58, in which: 




(a) said specific information required to 
be included includes a copyright
notice. 


The copy "option" specifies the string for
the Copyright field.
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 5,982,891 



1.



Products infringing: All products that include 
the Common Language Runtime or Compact 
Common Language Runtime or Common 
Language Infrastructure. 



A method for using at least one resource 
processed in a secure operating environment at 
a first appliance, said method comprising:



Resource may constitute a Microsoft Windows 
process or hardware element; secure operating 
environment is Microsoft Common Language 
Runtime ("CLR") environment, Common 
Language Infrastructure ("CLI") or Compact 
CLR ("CCLR"); first appliance is computer 
running CLR, CLI or Compact CLR. Two 
infringing scenarios are set forth herein: (1) 
For CLR, an administrator, using the .NET
Framework caspol.exe tool, remotely configures
security policy in a .NET configuration file for
a machine, enterprise, user, or application and
that security policy interacts with rules or
evidence declared in a shared assembly
provided by another entity ("1st scenario"); and
(2) for CLR, CLI and CCLR two assemblies
are delivered to an appliance; the first
assembly has a rule that demands permissions
from a caller in the second assembly, and the
second assembly includes a control that asserts
such permissions or provides evidence that
convinces the runtime that it has such
permissions ("2nd scenario"). In each scenario
Microsoft .NET "Code Access Security" 
framework or "Role Based Security" 
framework is used. 



(a) securely receiving a first entity's control at
said first appliance, said first entity being
located remotely from said operating
environment and said first appliance;



1st scenario: first entity is the administrator,
and the policy that constitutes this entity's 
control is securely received at the first 
appliance through a session established 
between the administrator's computer and the 
first appliance, requiring security credentials 
such as the administrator's login and password 
or other secure session means. 
2nd scenario: first entity is creator or distributor
of the first assembly, assembly manifest 
includes a control demanding or refusing or 
otherwise asserting a security action on 
permissions from a caller; first assembly is 
integrity-checked. 



(b) securely receiving a second entity's control
at said first appliance, said second entity being
located remotely from said operating
environment and said first appliance, said
second entity being different from said first
entity; and



Second entity's control is contained in shared
assembly manifest (and therefore integrity
protected) that provides evidence for obtaining
permissions, or asserts permissions; assembly
creator/distributor is located remotely and is
not the administrator (1st scenario) or
creator/distributor of the first container (2nd
scenario).



(c) securely processing a data item at said first
appliance, using at least one resource,
including securely applying, at said first
appliance through use of said at least one
resource said first entity's control and said
second entity's control to govern use of said
data item.



Secure processing is carried out by CLR, CLI
or CCLR. Data item constitutes an executable
code element, an interface controlled by such
an executable, a data collection or stream (such
as media file or stream or text file) or an
environment variable. CLR, CLI or CCLR
securely processes the rules, which will in both
scenarios govern access to methods and data 
from the first assembly. The resource named in 
the claim is, e.g., a Windows process that is 
established by the runtime or hardware element 
on the computer. 



>L A method as in claim 1 wherein at least
said secure processing step is performed at an
end user electronic appliance.



Consumer computer or appliance running
Microsoft CLR, CLI or CCLR.



1st scenario: link is LAN or WAN; 2nd
scenario: link is any telecommunications link,
including the internet.



>8. A method as in claim 1 wherein the step of
securely receiving a first entity's control
comprises securely receiving said first entity's
control from a remote location over a
telecommunications link, and the step of
securely receiving said second entity's control
comprises securely receiving said second
entity's control from the same or different
remote location over the same or different
telecommunications link.



Secure processing environment is CLR, CLI or 
CCLR running on user's computer or 
appliance. 



5. A method as in claim 1 wherein the
processing step includes processing said first
and second controls within the same secure
processing environment.



1. A method as in claim 1 further including
the step of securely combining said first
entity's control and said second entity's control
to provide a combined control arrangement.



In scenario 2, arrangement consists of the stack 
frame, and the corresponding array of 
permission grants for assemblies on the stack, 
and the permission demanded by the first 
assembly. Secure combining performed by the 
CLR, CLI or CCLR.
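The "2nd scenario" arrangement described above (stack frames, per-assembly permission grants, a demanded permission and an asserting caller), as an added Python model. This is a simplified illustration, not CLR code and not part of the original filing; the assembly names, the `FileIO` permission string and the helper `sample_stack` are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, List


class SecurityException(Exception):
    """Raised when a frame on the walked stack may not use the permission."""


@dataclass(frozen=True)
class Assembly:
    name: str
    grants: FrozenSet[str]          # permissions policy granted to this assembly


@dataclass(frozen=True)
class Frame:
    assembly: Assembly
    method: str
    asserts: FrozenSet[str] = frozenset()   # stack-walk modifier: stop here
    denies: FrozenSet[str] = frozenset()    # stack-walk modifier: refuse here


def demand(stack: List[Frame], permission: str) -> List[str]:
    """Walk callers of the demanding frame (last element), newest first.

    Returns the frames that were checked; raises SecurityException as soon
    as one caller's assembly lacks the grant or has denied the permission.
    """
    checked = []
    for frame in reversed(stack[:-1]):
        label = f"{frame.assembly.name}!{frame.method}"
        checked.append(label)
        if permission not in frame.assembly.grants:
            raise SecurityException(f"{label} is not granted {permission}")
        if permission in frame.denies:
            raise SecurityException(f"{label} denies {permission}")
        if permission in frame.asserts:
            # The asserting assembly holds the grant itself, so the walk
            # ends here and callers further up are not examined.
            break
    return checked


def is_allowed(stack: List[Frame], permission: str) -> bool:
    try:
        demand(stack, permission)
        return True
    except SecurityException:
        return False


def sample_stack(wrapper_asserts: bool = False,
                 wrapper_grants: FrozenSet[str] = frozenset({"FileIO"}),
                 plugin_grants: FrozenSet[str] = frozenset()) -> List[Frame]:
    """Constructed call chain: App -> Plugin -> Wrapper -> FileLib (demands)."""
    app = Assembly("App", frozenset({"FileIO"}))
    plugin = Assembly("Plugin", plugin_grants)
    wrapper = Assembly("Wrapper", wrapper_grants)
    filelib = Assembly("FileLib", frozenset({"FileIO"}))
    asserted = frozenset({"FileIO"}) if wrapper_asserts else frozenset()
    return [
        Frame(app, "Main"),
        Frame(plugin, "Run"),
        Frame(wrapper, "Load", asserts=asserted),
        Frame(filelib, "ReadConfig"),   # the frame issuing the demand
    ]
```

When the wrapper asserts, the ungranted `Plugin` frame is never examined, which is why an asserting assembly has to validate what its callers can make it do.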



6. A method as in claim 1 wherein said two
securely receiving steps are independently
performed at different times.



Steps are performed at different times in both 
scenarios. 



4. A method as in claim 1 wherein at least one
of the first entity's control and the second
entity's control comprises at least one
executable component and at least one data
component.



In both scenarios the second entity supplies an 
assembly with a demand procedure executed 
by the CLR, CLI or CCLR. The data 
component is a specific attribute value 
referenced by the assembly. 



9. A method as in claim 1 wherein said first
appliance includes a protected processing
environment, and wherein:



Microsoft Common Language Runtime (CLR), 
Common Language Infrastructure (CLI), or
Compact Common Language Runtime (CCLR) 
environment. 



(a) said method further comprises a step of
receiving, at said first appliance, said data item
separately and at a different time from said
receiving said first entity's control; and



Typically occurs in both scenarios.

(b) said securely processing step is performed 
at least in part in said protected processing 
environment 



Protected processing environment is the CLR, 
CLI or CCLR. 


22.


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using
Passport 


A method of securely controlling use by a third 
party of at least one protected operation with 
respect to a data item comprising: 


A user (third party) accesses an IRM-protected 
data item governed by IRM controls under two
or more RMS servers. For example, the data
item may be an IRM-protected document.

The IRM controls may be associated with the
data item directly or via an IRM-protected
container holding the IRM-protected data item,
such as an IRM-protected email with the IRM-
protected document attached.


(a) supplying at least a first control from a first 
party to said third party; 


The user acquires a first use license from a first 
RMS server (first party) enabling access to the
IRM-protected data item under the IRM rules 
associated with the first RMS server. For 
example: (1) the first use license from the first 
RMS server permits the user to access a IRM- 
protected document contained within or 
attached to an IRM-protected email; or (2) the 
first use license from the first RMS server 
applies a first set of IRM rules to an IRM- 
protected document. 


(b) supplying, to said third party, at least a 
second control from a second party different 
from said first party; 


The user acquires a second use license from a 
second RMS server (second party) enabling 
access to the IRM-protected data item under 
the rules associated with the second RMS
server. For example: (1) in addition to the 
user being given access to an IRM-protected 
email based on a first use license, a second 
RMS server provides a second use license 
enabling access to the IRM-protected 
document attached thereto; or (2) the second 
use license from the second RMS server 
applies a second set of IRM rules to the IRM- 
protected document. 


(c) securely combining at said third party's 
location, said first and second controls to form 
a control arrangement;


The first and second use licenses are combined 
to form a control arrangement that governs 
access to the IRM-protected data item.


(d) securely requiring use of said control 
arrangement in order to perform at least one 
protected operation using said data item; and


The combined first and second use licenses 
govern access to the IRM-protected data item. 


(e) securely performing said at least one 
protected operation on behalf of said third 
party with respect to said data item by at least 
in part employing said control arrangement 


The user performs a protected operation (e.g.,
read, print, edit) on the IRM-protected data
item. The combined first and second use
licenses are employed to permit the protected
operation.


23. A method as in claim 22 wherein said data
item is protected.

39. A method as in claim 22 further including
securely and persistently associating at least
one of: (a) said first control, (b) said second
control, and (c) said control arrangement, with
said data item.

53. A method as in claim 22 wherein at least
two of the recited steps are performed at an end
user electronic appliance.

60. A method as in claim 22 wherein step (a)
comprises supplying said first control from at
least one remote location over a
telecommunications link, and step (b)
comprises supplying said second control from
the same or different remote location over the
same or different telecommunications link.

67. A method as in claim 22 wherein at least
step (c) is performed within the same secure
processing environment at said third party's
location.

91. A method as in claim 22 wherein: 

(a) said method further comprises supplying 
said data item to said third party separately and 
at a different time from supplying of said first 
control to said third party; and 



(b) said securely performing step comprises 
performing said protected operation at least in 
part in a protected processing environment. 



The data item is encrypted and protected by
IRM.

The first and/or second use license are securely 
and persistently associated with the IRM- 
protected data item. 



Steps performed at a user's computer or 
appliance. 

The first and second use licenses are received 
over a telecommunications link such as a 
networking or modem/serial interface.



Steps are performed at user's computer or 
appliance. 



The first use license (first control) is received 
at the time that the user accesses the data item, 
which occurs separately and at a different time 
from receipt of the IRM-protected data item
itself.

The protected operations require decryption of 
the protected content, which is done inside the 
RM lockbox. The RM lockbox is protected by 
mechanisms such as obfuscation, anti- 
debugging, and tamper resistance. 
26.



Products infringing: Visual Studio.NET,
.NET Framework SDK, and all products
that include the Common Language
Runtime or Compact Common Language
Runtime or Common Language
Infrastructure.



A secure method for combining data
items into a composite data item
comprising:



(a) securely providing, from a first location
to a second location, a first data item
having at least a first control associated
therewith;



A first signed and licensed .NET 
component, .NET assembly, managed 
control and/or Web control (component) is 
the first data item. The first .NET 
component developer (first location) 
provides the application assembly 
developer (second location) the first 
component. The first control is the set of 
declarative statements comprising the 
LicenseProviderAttribute (alternately 
referred to as license controls). 



(b) securely providing, from a third
location to said second location, a second
data item having at least a second control
associated therewith;



A second signed and licensed component is 
the second data item. The second 
component developer (third location) 
provides the application assembly 
developer (second location) the second 
component. The second control is the set 
of declarative statements comprising the 
LicenseProviderAttribute. 



(c) forming, at said second location, a
composite of said first and second data
items;



The application assembly developer will 
include at least the two components into its 
assembly. 



(d) securely combining, at said second
location, said first and second controls to
form a control arrangement; and



At the second location, the application 
assembly developer uses the .NET runtime 
that includes the LicenseManager. 

Whenever a component is instantiated 
(here, an instance of the first licensed 
component), the license manager accesses 
the proper validation mechanism for the 
component. The license controls (first 
control) for the runtime license (derived 
from the design time license) are bound 
into the header of the .NET application 
assembly, along with the second control for 
the second component. 

Visual Studio.NET securely handles the 
creation of runtime license controls. 
Runtime licenses are embedded into (and 
bound to) the executing application 
assembly. The license control attribute 
included in the first component is
customized in the second location to
express and require the runtime license. In
a more advanced scenario, the License
Compiler tool can be used to create a
".licenses file" containing licenses for 
multiple components, including runtime 
licenses for components and classes created 
by the license provider. This .licenses file 
is embedded into the assembly. 

The third control set comprises the runtime 
license controls for the first and second 
components (that had been bound to the 
assembly), the declarative controls 
provided by the application assembly 
developer, and any runtime licenses for 
other components included by the 
developer in application assembly. The 
controls are typically integrated into the 
header of the .NET application assembly 
calling the first licensed component. 



(e) performing at least one operation on 
said composite of said first and second data 
items based at least in part on said control 
arrangement. 



The proper execution of the application 
will require that the assembly have run 
time licenses for the two components. 



27. A method as in claim 26 wherein said 
combining step, includes preserving each of 
said first and second controls in said 
composite set. 



The set of declarative statements 
comprising the LicenseProviderAttribute of 
both the first and second components are 
included in the application assembly. 



28. A method as in claim 26 wherein said 
performing step comprises governing the 
operation on said composite of said first 
and second data items in accordance with 
said first control and said second control. 



The application will require the first and 
second controls to operate properly when it 
calls the first and second data items, 
respectively. 



29. A method as in claim 26 wherein said 
providing step includes ensuring the 
integrity of said association between said 
first controls and said first data item is 
maintained during at least one of 
transmission, storage and processing of 
said first data item. 



Signing the component that has embedded 
within it the license control ensures the 
integrity of the association of the control 
and data item. 



31. A method as in claim 26 wherein said 
providing step comprises codelivering said 
first data item and said first control. 



The component includes the license control 
and therefore they are codelivered. 



40. A method as in claim 26 further
including the step of securely ensuring that
at least one of (a) said first control, (b) said
second control, and (c) said control
arrangement, is persistently associated with
at least one of said first and second data
items.



Each component includes the license
control. Signing the component that has
embedded within it the license control
ensures the persistence of the association of
the control and data item.



54. A method as in claim 26 wherein at 
least one of steps (c), (d) and (e) is 
performed at an end user electronic 
appliance.



At least step (e) is typically performed at an 
end-user electronic appliance. 



61. A method as in claim 26 wherein step 
(a) comprises providing said first data item 
from at least one remote location over a 
telecommunications link, and step (b) 
comprises providing said second data item 
from the same or different remote location 
over the same or different 
telecommunications link. 



Microsoft maintains Web sites where a 
developer can get components over the 
Web. These sites include references 
whereby a developer may obtain 
components through their Web connection. 
One such site is Internet Explorer Web 
Control Gallery at 

ie.components.microsoft.com/webcontrols 



68. A method as in claim 26 wherein step 
(d) is performed within the same secure 
processing environment at said second 
location. 



Typically, step (d) will be performed 
within the same secure processing
environment. 



79. A method as in claim 26 wherein steps 
(a) and (b) are performed at different times. 



The application assembly developer will 
typically acquire components at different 
times. 



86. A method as in claim 26 wherein at 
least one of the first and second controls 
comprises at least one executable 
component and at least one data 
component. 



The component must include an executable 
and can include data items such as a EULA,
readme file or help file.



Infringing products include: Windows
Media Player, Individualized DRM Clients 
and the Secure Audio Path (SAP) 
technology. 



A method for using at least one resource
processed by a secure operating
environment, said method comprising:



securely receiving a first load module
provided by a first entity external to said
operating environment;



securely receiving a second load module
provided by a second entity external to said
operating environment, said second entity
being different from said first entity; and



The Individualized DRM Client (first load 
module) is a signed security upgrade DLL. 
It is also bound to the hardware ID of the 
machine on which it runs. It is therefore 
securely delivered and integrity protected.



A SAP certified driver is also signed and 
carries with it a certificate that indicates its 
compliance with SAP criteria. If it is 
delivered to a PC it is secure in the sense 
that it is integrity protected. This driver 
would not come from the same entity as the 
Individualization DLL. 



securely processing, using at least one
resource, a data item associated with said
first and second load modules, including
securely applying said first and second load
modules to manage use of said data item.



If a WM audio file targeted to the 
Individualized DRM client carries with it a 
requirement that SAP be supported to 
render the WMF contents, the content is 
processed for playing through a soundcard 
using the WMP and by applying the DRM 
client - which decrypts the content and 
negotiates with the DRM kernel processing 
of the content through a Secure Audio Path 
that includes the SAP-certified audio 
driver.



>6. A method as in claim 35 wherein at
least two of the recited steps are performed
at an end user electronic appliance.



All steps occur at the user's PC that 
supports the WMP and DRM client and 
SAP.



>3. A method as in claim 35 wherein said
first load module receiving step comprises
securely receiving said first load module
from at least one remote location over at
least one telecommunications link, and said
second load module receiving step
comprises securely receiving said second
load module from the same or different
remote location over the same or different
telecommunications link.



The Driver and DRM client are received 
from distinct locations and may be 
delivered securely over the Internet. They 
are delivered securely in that each is 
integrity protected. 



'0. A method as in claim 35 wherein said
securely processing step comprises
securely executing said first and second
load modules within the same secure
processing environment.



Both load modules are executed on the PC
within the WMP/DRM Client/SAP
environment.



74. A method as in claim 35 further
including securely combining said first and
second load modules to provide a
combined executable.



Since both the DRM client and the driver
are DLLs in the same audio rendering 
chain, they exist as an execution 
environment. 



il. A method as in claim 35 wherein said
securely receiving steps are performed
independently at different times.



The driver and Individualization DLL need 
not be received at the same time. 



>4. A method as in claim 35 wherein said
secure operating environment includes a
protected processing environment, and
wherein:

said method further comprises receiving a
data item within said secure operating
environment;

said first load module receiving step is
performed separately and at a time different
from receiving said data item; and

said securely processing step is performed
at least in part in said protected processing
environment.



The Windows Media Player together with
the Individualized DRM Client and Secure
Audio Path comprise a protected
environment for processing protected
media. The protected Windows Media
Files are received after the load modules 
have been received and installed (licenses 
cannot be acquired until load modules are 
in place). The processing of the Windows 
Media File occurs in the protected 
environment. 



Examples of SAP-certified drivers include - as indicated at
http://www.microsoft.com/Wind

• All VIA controllers with AC-97 codecs
• All ALI controllers with AC-97 codec
• Intel ICH controllers with AC-97 codecs
• Creative Labs SoundBlaster 16/AWE32/AWE64/Vibra
• Yamaha OPL3
• Yamaha DS-1
• Cirrus Logic (Crystal) CS4280
• Cirrus Logic (Crystal) CS4614 / CS4624
• ESS Maestro 2E
• USB Audio
• Cirrus Logic (Crystal) CS4281
• All SiS controllers with AC-97 codecs
• Ensoniq ES1370
• NeoMagic NM6
• Ensoniq ES1371/73 and CT5880
• SoundBlaster Live!
• Aureal 8810
• Aureal 8820
• Aureal 8830
• Conexant Riptide
• ESS Maestro
• ESS ISA parts
• NeoMagic NM5



36.



Product Infringing: Any product using
Common Language Runtime (CLR), Common
Language Infrastructure (CLI), or Compact
Common Language Runtime (CCLR)



A secure operating environment system for 
managing at least one resource comprising: 



Microsoft CLR, CLI or CCLR (operating 
environment system), managing: any of the 
resources on a typical computer, including 
memory, file system, communications ports,
storage devices, and higher level resources that 
may use any of these or combinations of them. 



(a) a communications arrangement 



Communications port and Microsoft Internet 
Protocol stack that may optionally use Secure 
Socket Layer protocol or IPSEC packet
security protocol, supplied with Microsoft 
Windows. 



(1) that securely receives a first control 
of a first entity external to said 
operating environment, and 



Rule or evidence contained in the manifest of a 
shared assembly, distributed by a first entity 
that can be used by the CLR, CLI or CCLR to 
determine permissions that may be needed to 
cause operations on a data item or resource 
controlled by another entity; shared assembly 
is tamper-protected and may be received using 
secure SSL or IPSEC protocol. 



(2) securely receives a second control 
of a second entity external to said 
operating environment, said second 
entity being different from said first 
entity; and



Rule specified in the manifest of a second
shared (Tamper protected) assembly, that
demands permissions of callers of its methods.



(b) a protected processing environment,
operatively connected to said
communications arrangement, that



CLR, CLI or CCLR, connected to (e.g.) 
communications port 



(1) [] securely processes, using at least 
one resource, a data item logically 
associated with said first and second 
controls, and 



CLR, CLI or CCLR uses type safety 
mechanisms, access controls, integrity 
detection, and separation of domains. Data 
item may be any data item that is managed by 
the second assembly, which may be a member 
of such assembly, and whose state or value 
may be accessible through an interface to other 
assemblies, and which is referenced by the first 
assembly. 



(2) [] securely applies said first and 
second controls to manage said 
resource for controlling use of said data 
item. 



CLR, CLI or CCLR processes the demand for 
permissions from the second assembly, collects 
the evidence or processes the rule from the first 
assembly, and determines whether the first 
assembly has the permissions to use the 
resource to operate on the data item controlled 
by the second assembly. 



>7. A system as in claim 36 wherein said
protected processing environment is part of an
end user electronic appliance.



Computer or electronic appliance running
CLR, CLI or CCLR



64. A system as in claim 36 wherein said
communications arrangement receives said
first and second controls from at least one
remote location over at least one
telecommunications link.



Shared assemblies are designed to be received
remotely, e.g., over the internet.



75. A system as in claim 36 wherein said
protected processing environment combines
said first and second controls to provide a
combined control arrangement.



Arrangement consists of the stack frame and
the corresponding array of permission
grants for assemblies on the stack, and the
permission demanded by the second assembly.



82. A system as in claim 36 wherein said
communications arrangement independently
receives said first and second controls at
different times.



Assemblies, including controls, are designed
for independent delivery.



88. A system as in claim 36 wherein at least
one of the first control and second controls
comprises at least one executable component
and at least one data component.



The second entity supplies an assembly with a
demand procedure (executed by the CLR, CLI
or CCLR) that includes reference to a specific
attribute value (the data component), and the
protected processing environment executes the
executable component (demand) in a manner
that is at least in part responsive to the data
component (execution is in response to the
security action supplied in the data item).



INTERTRUST INFRINGEMENT CHART



36.



Infringing Product: My Services 



A secure operating environment system 
for managing at least one resource
comprising: 



Secure operating environment is the secure 
server for any .NET My Services service 
(e.g. My Calendar, My Inbox)



a communications arrangement that
securely receives 



Secure server receives communications 
formatted using the SOAP-SEC, the 
security extension to SOAP that is used by 
My Service servers to receive controls. 



a first control



The first control is a roleTemplate 
associated with the service. The 
roleTemplate identifies specific actions 
(e.g. read, replace) that can be performed 
against a certain scope (resource or set of 
resources). 



of a first entity external to said operating
environment, 



The first entity is the administrator of the 
server database, or other entity with 
authority over its content that sets up the 
roleTemplates and scopes. That entity is 
independent from and located remotely 
from the secure server. 



and securely receives a second control



A role element specified by a specific end 
user, which is securely received by the 
secure server using the SOAP-SEC 
protocol.



of a second entity external to said
operating environment, said second entity
being different from said first entity;



The end user is located remotely from the 
secure server. 



and a protected processing environment,
operatively connected to said
communications arrangement, that:



The protected processing environment is 
the .NET security service (authorization 
system) operating within the server. The 
server uses the SOAP-SEC 
communication protocol to receive 
controls. 



(a) securely processes, using at least one
resource, a data item logically associated
with said first and second controls, and



"Securely processes" is performing the 
requested operation on secure server 
running .NET. The system will perform the 
requested operation ensuring that the user 
has no access to information outside the
scope computed.



The resource is the server software and/or 
hardware used to process the two controls 
and user data. 

The first control is the roleTemplate for the 
service. The second control is the role 
element for an individual user.

The data item is the end user's stored 
content (e.g. calendar, email inbox, etc.). 



(b) securely applies said first and second
controls to manage said resource for
controlling use of said data item.



The secure server determines the result
scope (visible node set) for the operation
that is computed from the role element and
the roleTemplate. That result scope is used
to manage the data item.



64. A system as in claim 36 wherein said
communications arrangement receives said
first and second controls from at least one
remote location over at least one
telecommunications link.



The remote location is the site where the
user's or administrator's application is
running.

The telecommunication link can be the
Internet, intranet, VPN or other similar
channels.



75. A system as in claim 36 wherein said
protected processing environment
combines said first and second controls to
provide a combined control arrangement.



The role scope incorporating the role
element and the roleTemplate.



82. A system as in claim 36 wherein said
communications arrangement
independently receives said first and
second controls at different times.



Administrator and user controls will
ordinarily be received at different times.



95. A secure operating environment system
as in claim 36 wherein said
communications arrangement also receives
a data item separately and at a different
time from at least one of said first control
and said second control.



This is the normal case for .NET My
Services. The user's content is normally
stored and updated independently of the
setting of scope elements, role elements and
roleTemplates.



INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,157,721 



Product Infringing: Windows CE for Automotive 



1. A security method comprising: 



WCEfA is Microsoft Windows CE for Automotive, 
sometimes also known by its former name, AutoPC 2.0. 

With WCEfA an OEM can assign their device to a class 
that only accepts certain kinds of software. The device
can be set to accept 1) any software with the correct
processor/version 2) only certified software or 3) only 
software from the OEM or Microsoft. These Security (or 
Trust) levels also control to which kernel APIs and 
middleware APIs the software has access. 

Background: 

"Microsoft Software Install Manager (SIM), a 
component of WCEfA, allows you to control what can 
be installed on your device platform. You can define 
your platform as being open, closed or restricted to new 
installations, and SIM will enforce these designations."
(D, pg. 1)

"Anything can be installed on an open platform, as long
as the applications are compiled for the appropriate
processor. At the other extreme, no third-party software
can be installed on a closed platform. Only certified
applications can be installed on a restricted platform."
(D, pg. 1)

"By restricting installations to compliant applications, 
the risk of installing and using incompatible or harmful 
software is greatly reduced, while still keeping the 
device open for robust, quality applications that enhance 
the user experience." (F, pg. 1)

WCEfA also has a Security Layer whose purpose is to 
"Create an abstraction layer of security surrounding ISV 
applications to limit and/or deny access to key Windows 
CE kernel API calls and WCEfA middleware APIs." (I,
pg. 1)



(a) digitally signing a first load module with a
first digital signature designating the first load 
module for use by a first device class; 



A first load module is a WCEfA software component in 
a signed .PE file. The first device class is a device that 
only allows software designated as "restricted" (or 
higher) to be installed. "Restricted" software is software 
that has been certified. With restricted software, the 
device also implements a Security Layer functionality 
that limits the kernel and WCEfA API calls that the 
software can make.

"SIM Level: 1 = Restricted
Description: Only properly certified CEI (WCEfA
device installation) files can be installed on the device.
Remote execution is restricted to executables with
master key.

Key: Logo certified CEI file required. CEI files or EXEs
with master keys permitted." (F, pg. 1)

"The kernel loader calls it each time a module is loaded
by Windows CE. It returns one of the following values
that determine the module's access to kernel resources:

Value                   Meaning
OEM_CERTIFY_TRUST (2)   The module is trusted by the OEM to perform any operation.
OEM_CERTIFY_RUN (1)     The module is trusted by the OEM to run but is restricted from making certain function calls.
OEM_CERTIFY_FALSE (0)   The module is not allowed to run.
" (H, pg. 1)

Digitally signing: "Before the kernel loads a file, it uses 
the OEMCertifyModule function to verify that the file 
contains the proper signature." (N, pg. 1)

"Signfile.exe: This tool signs an executable with a 
supplied private key. You can use the following 
command parameters with this tool.... -s AttribString,
specifies an optional attribute string to be included in the 
signature. For example, you could add a string to 
indicate the trust level of the application." (O, pg. 1)

In the MSDN article Verifying the Signature, the sample
code segment states

"// the file has a valid signature
// we expect the trust level to be returned as signed data...
// case 'R': dwTrustLevel = OEM_CERTIFY_RUN" (N,
pg. 2)

"The WCEfA Security Layer isolates installed
applications from making unrestricted kernel and
WCEfA API calls. This allows the OEM to assign one of
three levels of security to applications and drivers
installed in RAM when they are loaded into the system.
The three levels are Trusted..., Restricted..., and
Blocked. ... On the systems level, the WCEfA Security
layer fits between ISV applications and isolates these
software modules from having free access to all WinCE
kernel calls and WCEfA middleware APIs." (I, pg. 1)

The developer submits their application for certification.
If it passes, then the .cei file (a form of cab file) receives
a certification key from the certifier. The signed PE is
within this .cei file.



(b) digitally signing a second load module with
a second digital signature different from the
first digital signature, the second digital
signature designating the second load module
for use by a second device class having at least
one of tamper resistance and security level
different from the at least one of tamper
resistance and security level of the first device
class;



A second load module is a WCEfA software component
in a signed PE file. The second device class with a
different tamper resistance or security level is a device
that is "Closed", that is, it will not allow third-party
software to be installed. A closed device only allows
trusted software to run. The Security Layer setting of
"Trusted" allows the Microsoft and OEM software full
access to kernel and middleware APIs.

In the MSDN article Verifying the Signature, the sample
code segment states

"// the file has a valid signature
// we expect the trust level to be returned as signed data...
// case 'T': dwTrustLevel = OEM_CERTIFY_TRUST"
(N, pg. 2)

"Signfile.exe: This tool signs an executable with a
supplied private key. You can use the following
command parameters with this tool.... -s AttribString,
specifies an optional attribute string to be included in the
signature. For example, you could add a string to
indicate the trust level of the application." (O, pg. 1)

"SIM Level: 2 = Closed

Description: Platform is limited to software supplied
directly by OEM or Microsoft. Third-party applications
cannot be installed. ...

Key: Master key required for any install or remote
execution." (F, pg. 1)

Related to the Security Layer, the Trusted level "is most
likely reserved for MS and OEM applications and
drivers." (I, pg. 1)

Whereas the .cei files for certified software have a
certification key (sometimes called MS Logo key), the .cei
files from Microsoft or the OEM have a master key
attached. "Master key required for any install or remote
execution." (F, pg. 1)



(c) distributing the first load module for use by
at least one device in the first device class; and



First load module is the certified software from a third
party that will be run as part of the "Restricted" first
device class.

"Once your application is complete, send the .cei file to
the organization that is performing validation or
certification for the OEM. They would validate it, then
either reject or return a .cei that has been stamped with a
certification key. You would then reproduce this .cei file
on CD-ROM or a compact flash card and distribute." (D,
pg. 5)

"APCLoad compares the device SIM level against the
.cei file certification key, and either allows the
installation to proceed or prohibits it based on the
outcome of this comparison." (D, pg. 2)

"Security: To achieve a high level of reliability,
WCEfA is carefully designed to:

Control the installation of certified and tested
software and drivers.

Limit the access of system services by installed
module.

Monitor the proper execution of software..."
(G, pg. 1)



(d) distributing the second load module for use 
by at least one device in the second device 
class. 



The second load module is the certified software from 
the OEM or Microsoft that will be run as part of the 
"Closed" second device class. 

"You may need to change ROM components after your 
device ships, either to fix a problem, or to provide 
enhanced functionality. For this purpose, the OEM is 
given a CEIBuild that adds a master key to a .cei file.
CEI files stamped with this master key can be installed 
on an open, closed or a restricted platform." (D, pg. 3) 

"Trusted; The application is registered as a completely 
trusted module and allowed full access to the kernel 
APIs and WCEfA APIs. This mode is mostly likely 
reserved for MS and OEM applications and drivers. 
Note that applications and drivers included in ROM are 
automatically given trusted status." (I, pg. 1)
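The two checks quoted above (the install-time comparison of a device's SIM level against the key on a .cei file, and the load-time trust level carried as signed data) can be modelled as follows. This is an added illustration, not code from the filing, from MSDN or from Windows CE: Ed25519 stands in for the unspecified signature scheme, and the type and function names, the value 0 for an open platform, and "T" as the trusted attribute are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Return values the chart quotes for the kernel loader's certification hook.
const (
	OEMCertifyFalse = 0 // module is not allowed to run
	OEMCertifyRun   = 1 // may run, but restricted from certain function calls
	OEMCertifyTrust = 2 // trusted to perform any operation
)

// SIM levels. 1 and 2 are quoted on the page; 0 for "open" is an assumption.
const (
	SIMOpen       = 0
	SIMRestricted = 1
	SIMClosed     = 2
)

// Key stamped on a .cei file (constructed enum, not the real file format).
const (
	KeyNone = iota
	KeyCertification
	KeyMaster
)

// SignedModule is a constructed stand-in for a signed executable.
type SignedModule struct {
	Image  []byte
	Attrib string // trust attribute carried as signed data: "R" or "T"
	Sig    []byte
}

// signedBytes binds the attribute to the image. The length prefix keeps the
// attribute/image boundary unambiguous.
func signedBytes(image []byte, attrib string) []byte {
	return append([]byte(fmt.Sprintf("%d:%s:", len(attrib), attrib)), image...)
}

// demoKeys returns a fixed, constructed key pair so the example is repeatable.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	copy(seed, "constructed demo seed, not a key")
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// signModule (hypothetical name) signs the image together with its attribute.
func signModule(priv ed25519.PrivateKey, image []byte, attrib string) SignedModule {
	sig := ed25519.Sign(priv, signedBytes(image, attrib))
	return SignedModule{Image: image, Attrib: attrib, Sig: sig}
}

// certifyModule models the load-time decision: the trust level is honoured
// only if the signature over image and attribute verifies.
func certifyModule(pub ed25519.PublicKey, m SignedModule) int {
	if !ed25519.Verify(pub, signedBytes(m.Image, m.Attrib), m.Sig) {
		return OEMCertifyFalse
	}
	switch m.Attrib {
	case "T":
		return OEMCertifyTrust
	case "R":
		return OEMCertifyRun
	}
	return OEMCertifyFalse // validly signed, but no recognised trust level
}

// installAllowed models the install-time comparison of SIM level and key.
func installAllowed(simLevel, key int) bool {
	switch simLevel {
	case SIMOpen:
		return true
	case SIMRestricted:
		return key == KeyCertification || key == KeyMaster
	case SIMClosed:
		return key == KeyMaster
	}
	return false // unknown level: fail closed
}

func main() {
	pub, priv := demoKeys()
	app := signModule(priv, []byte("constructed third-party module"), "R")
	fmt.Println("signed R module:", certifyModule(pub, app))
	app.Attrib = "T" // edit the attribute without re-signing
	fmt.Println("attribute edited to T:", certifyModule(pub, app))
	fmt.Println("certified .cei on closed device:",
		installAllowed(SIMClosed, KeyCertification))
}
```

Because the attribute is covered by the signature, changing "R" to "T" on an already signed module makes verification fail, so the module is refused rather than promoted.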



References:

[D] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnceauto/html/WinCAuto_SIM.asp
[F] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/apcguide/htm/ceibuildrev_8.asp
[G] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/apcguide/htm/securityrev.asp
[H] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/apcguide/htm/securityrev_7.asp
[I] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/apcguide/htm/reliabilityrev_3.asp
[N] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcedsn40/htm/cgconVerifyingSignature.asp
[O] http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wceoem/htm/os_secur_6.asp



INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART
FOR U.S. PATENT NO. 6,157,721



5. 


Product infringing: Windows Hardware 
Quality Lab certification services, and
operating system products that support 
driver signature technology. 


A software verifying method comprising: 


Microsoft encourages manufacturers to 
have their device drivers tested and signed. 
For example, only signed drivers will ship 
"in-the-box." Also, Microsoft's driver 
ranking prefers signed drivers to unsigned 
drivers. 

Microsoft Web Page - Can't Find a Test
Category for Your Driver?

WHQL's long term objective is to be able
to digitally sign all drivers. Although we do
not currently have test programs for certain
driver types, such as specialized device
drivers and software filter drivers, WHQL
is investigating a long term solution to
expand the categories of drivers tested
under Windows 2000 and ultimately all
Windows operating systems. We are
already formulating a test program for
anti-virus file system filters, and plan to address
other file system filter drivers as soon as
the initial program is in place.


(a) testing a load module 


The driver will be tested for each version of 
the operating system it supports and against 
the device class specifications that apply to
the device's class. 

The driver package is a load module. A 
driver package contains one or more of the 
following files: 

A device setup information file (INF file) 

A driver catalog (.cat) file 

One or more optional co-installers 

Microsoft operates the Windows Hardware
Quality Lab, which tests drivers submitted
by driver manufacturers.

The manufacturer can test their own driver 
using the Microsoft testing kit and submit 
the test results to WHQL when requesting a 
signature. Additionally, Microsoft or a 
testing facility working with Microsoft can 
perform the testing. 


having at least one specification associated
therewith,



The manufacturer-written INF file, which
is part of the driver package, is a
specification. Microsoft Windows drivers
must have an INF file in order to be
installed.



the specification describing one or more
functions performed by the load module;



(b) verifying that the load module satisfies
the specification; and



The INF Version section specifies its 
device class. One use of the device class is 
to identify the specific Windows 
compatibility specifications that relate to the
device class. These specifications will vary
by device class in part because the function
of each device can vary among classes. The
INF incorporates by reference the
Microsoft supplied device class-specific
specification by identifying its class in the 
INF. 



The INF can include operating system 
"decorating" to specify the operating 
system architecture, major and minor 
version, product and suite the driver is 
intended for and can further use this 
decorating to specify the operating
systems for which it is not intended. 
Because the functionality of each of the 
operating systems may vary the driver must 
be tested for each applicable operating 
system. 

Qualification Service Policy Guide - 
Hardware Category Policies 

You must select the correct hardware 
category for your device. If you select the 
wrong hardware category for your device, 
your submission will fail. For example, if 
you have a storage/hard drive device, but 
you select storage/tape drive as your 
hardware category, your submission will 
fail. 

Windows XP HCT 10.0 Q & A - Windows
XP Logos 

Q: Which "Designed for Windows XP" 
logos are available for my product? 
A: Devices and systems qualify for a 
"Designed for Windows" logo after passing 
testing with the appropriate WHQL test kit 
on all operating systems specified by the 
logo. "Designed for Windows" Logos for Device 
and System Programs lists which logos are 
available for each type of product. 



The Microsoft Windows XP Hardware
Compatibility Test (HCT) kit version 10.0
includes the tests, test documentation, and
submission processes that are required to
participate in the Microsoft Windows Logo 
Program for Hardware for the Windows 
XP Professional operating system. To 
qualify to use the "Designed for Windows" 
logo for hardware, products must pass 
testing with the Microsoft Windows HCT 
kit. The HCT kits are organized by
hardware type. 

As mentioned above, the manufacturer can 
test their own driver using the Microsoft 
testing kit and submit the test results to 
WHQL when requesting a signature. 
Additionally, Microsoft or a testing facility 
working with Microsoft can perform the 
testing. 


(c) issuing at least one digital certificate 
attesting to the results of the verifying step. 


When a driver package passes WHQL 
testing, WHQL generates a separate CAT 
file containing a hash of the driver binaries 
and other relevant information. WHQL 
then digitally signs the CAT file using 
Digital Signature cryptographic technology 
and sends it to the vendor. Driver signing 
does not change the driver binaries or the 
INF file submitted for testing. 

Microsoft uses digital signatures for device
drivers to let users know that drivers are 
compatible with Microsoft Windows XP, 
Windows 2000, and Windows Me. A 
driver's digital signature indicates that the 
driver was tested with Windows for 
compatibility and has not been altered since 
testing. 

14.



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A first protected processing environment 
comprising: 



A personal computer running Windows XP, 
Windows 2000, or Windows 2003 



a first tamper resistant barrier having a first 
security level, and 



The tamper resistant barrier is the Office 2003 
IRM client environment and includes the 
signed digital certificate identifying the user. 

If the certificate is tampered with, or if certain,
sensitive IRM processes or modules are
debugged or tampered with, the system will 
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application, e.g., Word. 



at least one arrangement within the first 
tamper resistant barrier that prevents the first 
protected processing environment from 
executing the same load module accessed by a 
second protected processing environment 
having a second tamper resistant barrier with a 
second security level different from the first 
security level. 



The arrangement that prevents a load module 
from running in one PPE and not in another is 
the type and characteristics of a particular Load 
Module (VBA program within a document or 
add-in); i.e., signed, script author, code 
capabilities, etc., and the "Security Level" 
settings. 



18.



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A method for protecting a first computing
arrangement surrounded by a first tamper
resistant barrier having a first security level,
the method including:



The first computing arrangement with a tamper 
resistant barrier is the Office 2003 IRM client
environment and includes the signed digital 
certificate identifying the user. 

If the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are 
debugged or tampered with, the system will 
cease to operate. 

The computing arrangement is being protected 
from, for example, viruses and malicious code.

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application, e.g., Word.



preventing the first computing arrangement
from using the same software module
accessible by a second computing arrangement
having a second tamper resistant barrier with a
second security level different from the first
security level.



The arrangement that prevents a load module 
from running in one computing arrangement 
and not in another is the type and 
characteristics of a particular software module 
(VBA program within a document or add-in); 
i.e., signed, script author, code capabilities, 
etc., and the "Security Level" settings. 

Infringing products include Office 2003 and
included applications, and Server 2003,
including Microsoft hosted RMS Service using
Passport 


A protected processing environment 
comprising: 


A personal computer running Windows XP, 
Windows 2000, or Windows 2003


a first tamper resistant barrier having a first 
security level, 


The first tamper resistant barrier is the Office 
2003 IRM client environment and includes the 
signed digital certificate identifying the user. If 
the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are
debugged or tampered with, the system will
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application, e.g., Word. 


a first secure execution space, and 


The secure execution space is process space 
allocated by the operating system for the 
Microsoft Office host application to run. This 
host application (e.g., Word) executes the VBA
code within this process space. 

This execution space (application) is secure 
because the IRM environment takes steps to 
insure that it is "trusted", the application is 
signed, and the document which includes the 
VBA code is protected by IRM policy and then 
encrypted and signed.


at least one arrangement within the first 
tamper resistant barrier that prevents the first 
secure execution space from executing the 
same executable accessed by a second secure 
execution space having a second tamper 
resistant barrier with a second security level 
different from the first security level. 


The arrangement that prevents a load module 
from running in one computing arrangement 
and not in another is the type and 
characteristics of a particular software module 
(VBA program within a document or add-in); 
i.e., signed, script author, code capabilities, 
etc., and the "Security Level" settings. 


34.



Product Infringing: Microsoft Common Language 
Runtime and ASP.NET



A protected processing environment 
comprising: 



Microsoft Common Language Runtime and 
ASP.NET 



a first tamper resistant barrier having a 
first security level, 



TAMPER RESISTANT BARRIER 
The first tamper resistant barrier is the application 
domain in the CLR. The runtime hashes the 
contents of each file loaded into the application 
domain and compares it with the hash value in the 
manifest. If two hashes don't match, the assembly 
fails to load.[1]

Also "Code running in one application cannot 
directly access code or resources from another 
application. The common language runtime 
enforces this isolation by preventing direct calls 
between objects in different application domains. 
Objects that pass between domains are either 
copied or accessed by proxy."[2] 

SECURITY LEVELS 

The security levels of the application domain are
made different by setting the trust level assigned to an
outside application using the "trust" element in the
web.config for the ASP.NET application.
Syntax-

<trust level="Full/High/Low/None"
originUrl="url"/>

Example-

<trust level="High"
originUrl="http://www.SomeOtherCompany.com/default.aspx"/>

[7]



a first secure execution space, and 



The application domain is the execution space for a 
particular application. 



at least one arrangement within the first
tamper resistant barrier that prevents the
first secure execution space from
executing the same executable accessed
by a second secure execution space
having a second tamper resistant barrier
with a second security level different from
the first security level.



The second secure execution space is another 
application domain that has a different trust level for 
an outside application. 

If the second app domain gives Full trust to the outside
application, whereas the first one doesn't, the first
app domain won't be able to execute the application
that requires full trust permission.



References:

[1] www.microsoft.com/germany/ms/msdnbiblio/dotnetrk/doc/assembly.doc

[2] msdn.Microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainsoverview.asp?frame=true

[7] LaMacchia, etc., .NET Framework Security. Addison-Wesley, 2002

54.



Product Infringing: Products containing 
Microsoft Common Language Runtime or 
Compact Common Language Runtime and 
products implementing the Common Language 
Infrastructure specification. 



A protected processing environment 
comprising: 



Microsoft Common Language Runtime and 
.NET Framework SDK: 



a first tamper resistant barrier having a first 
security level, 



TAMPER RESISTANT BARRIER 
The first tamper resistant barrier is the 
application domain in the CLR. The runtime 
hashes the contents of each file loaded into the 
application domain and compares it with the
hash value in the manifest. If two hashes don't
match, the assembly fails to load. [1]

Also "Code running in one application cannot 
directly access code or resources from another 
application. The common language runtime 
enforces this isolation by preventing direct 
calls between objects in different application 
domains. Objects that pass between domains 
are either copied or accessed by proxy."[2]

SECURITY LEVELS 

Application domains have different security
levels by setting security policy of the
application domain programmatically. [3]
"It has different security based on code-based
security model of .NET. Administrators and
hosts use code-access security to decide what
code can do, based on characteristics of the
code itself regardless of what user is executing
the code. The code characteristics are called
evidence and can include the Web site or zone
from which the code was downloaded, or the
digital signature of the vendor who published
the code."

"When the security manager needs to
determine the set of permissions that an
assembly is granted by security policy, it starts
with the enterprise policy level. Supplying the
assembly evidence to this policy level will
result in the set of permissions granted from
that policy level. The security manager
typically continues to collect the permission
sets of the policy levels below the enterprise
policy [including the app domain] in the same
fashion. These permission sets are then
intersected to generate the policy system
permission set for the assembly. All levels must
allow a specific permission before it can make
it into the granted permission set for the
assembly."

Example of granted permission sets from a
policy-

Condition: All code, Permission Set: Nothing
Condition: Zone: Internet, Permission Set: Internet
Condition: URL: www.monash.edu.au, Permission Set: MonashPSet
Condition: Strong Name: m-Commerce, Permission Set: m-Commerce PSet [4]

Another difference in security levels can be 
whether the verification process is turned off or 
on. "Managed code must be passed through a
verification process before it can be run 
(unless the administrator has granted 
permission to skip the verification). The 
verification process determines whether the 
code can attempt to access invalid memory 
addresses or perform some other action that 
could cause the process in which it is running 
to fail to operate properly. Code that passes 
the verification test is said to be type-safe. The 
ability to verify code as type-safe enables the 
common language runtime to provide as great 
a level of isolation as the process boundary, at 
a much lower performance cost" [5] 



a first secure execution space, and 



The application domain is the execution space 
for a particular application. 



at least one arrangement within the first tamper
resistant barrier that prevents the first secure
execution space from executing the same
executable accessed by a second secure
execution space having a second tamper
resistant barrier with a second security level
different from the first security level.



The second secure execution space is another 
application domain that has a different security 
policy than the first. 

If second app domain's security policy doesn't 
give any permission to code from internet 
zone, but first app domain does, then the code 
would run in first app domain and not in 
second. [6]



References:

[1] www.microsoft.com/germany/ms/msdnbiblio/dotnetrk/doc/assembly.doc
[2] msdn.Microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainsoverview.asp?frame=true
[3] LaMacchia, etc., .NET Framework Security. Addison-Wesley, 2002, p. 113
[4] Watkins, Demien, "An Overview of Security in the .NET Framework", from MSDN Library, January 2002
[5] same as [2]
[6] msdn.Microsoft.com/library/en-us/cpguide/html/cpconapplicationdomainlevelsecuritypolicy.asp?frame=true
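
The policy-level intersection quoted in the chart above, and its closing scenario of two application domains with different policies, as an added example in Python. It is a simplified model written for this page, not .NET or Microsoft code: the permission names, the sample evidence and the contents of each named permission set are constructed, and taking the union of matching code groups inside one level is an assumption based on how .NET union code groups behave.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Dict, FrozenSet, Optional, Sequence, Tuple

Evidence = Dict[str, str]
Permissions = FrozenSet[str]

# Constructed permission names; a real runtime has many more.
ALL_PERMISSIONS: Permissions = frozenset(
    {"Execution", "FileDialog", "IsolatedStorage", "WebAccess", "Registry"}
)

# Named permission sets from the chart's example; their contents are constructed.
PERMISSION_SETS: Dict[str, Permissions] = {
    "Nothing": frozenset(),
    "Internet": frozenset({"Execution", "FileDialog", "IsolatedStorage"}),
    "MonashPSet": frozenset({"Execution", "FileDialog", "WebAccess"}),
    "m-Commerce PSet": frozenset({"Execution", "WebAccess", "Registry"}),
    "Everything": ALL_PERMISSIONS,
}


@dataclass(frozen=True)
class CodeGroup:
    """A membership condition paired with the permission set it grants."""
    condition: Optional[Tuple[str, str]]  # None means "All code"
    permission_set: str

    def matches(self, evidence: Evidence) -> bool:
        if self.condition is None:
            return True
        kind, value = self.condition
        return evidence.get(kind) == value


@dataclass(frozen=True)
class PolicyLevel:
    name: str
    groups: Tuple[CodeGroup, ...]

    def grant(self, evidence: Evidence) -> Permissions:
        """Union of the permission sets of every code group the evidence matches."""
        granted: Permissions = frozenset()
        for group in self.groups:
            if group.matches(evidence):
                granted |= PERMISSION_SETS[group.permission_set]
        return granted


def resolve_policy(levels: Sequence[PolicyLevel], evidence: Evidence) -> Permissions:
    """Intersect the per-level grants: every level must allow a permission."""
    return reduce(lambda acc, lvl: acc & lvl.grant(evidence), levels, ALL_PERMISSIONS)


def can_run(levels: Sequence[PolicyLevel], evidence: Evidence,
            required: Permissions) -> bool:
    """Code runs only if everything it requires survives the intersection."""
    return required <= resolve_policy(levels, evidence)


# Enterprise and user levels place no restriction in this model.
ENTERPRISE = PolicyLevel("Enterprise", (CodeGroup(None, "Everything"),))
USER = PolicyLevel("User", (CodeGroup(None, "Everything"),))

# Machine level: the four condition/permission-set pairs listed in the chart.
MACHINE = PolicyLevel("Machine", (
    CodeGroup(None, "Nothing"),
    CodeGroup(("Zone", "Internet"), "Internet"),
    CodeGroup(("Url", "www.monash.edu.au"), "MonashPSet"),
    CodeGroup(("StrongName", "m-Commerce"), "m-Commerce PSet"),
))

# Two application domains with different policies, as in the chart's last row.
FIRST_DOMAIN = PolicyLevel("AppDomain-1", (
    CodeGroup(None, "Nothing"),
    CodeGroup(("Zone", "Internet"), "Internet"),
))
SECOND_DOMAIN = PolicyLevel("AppDomain-2", (CodeGroup(None, "Nothing"),))

FIRST_LEVELS = (ENTERPRISE, MACHINE, USER, FIRST_DOMAIN)
SECOND_LEVELS = (ENTERPRISE, MACHINE, USER, SECOND_DOMAIN)

# Constructed evidence for an assembly downloaded from the Internet zone.
INTERNET_CODE: Evidence = {"Zone": "Internet", "Url": "www.monash.edu.au"}

if __name__ == "__main__":
    for label, levels in (("first", FIRST_LEVELS), ("second", SECOND_LEVELS)):
        granted = sorted(resolve_policy(levels, INTERNET_CODE))
        runs = can_run(levels, INTERNET_CODE, frozenset({"Execution"}))
        print(f"{label} app domain: granted={granted} runs={runs}")
```

The machine level grants WebAccess to this assembly, but the first application domain's level does not, so WebAccess drops out of the final grant.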

38.



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A method for protecting a first computing
arrangement surrounded by a first tamper
resistant barrier having a first security level,
the method including:



The first computing arrangement surrounded by 
a tamper resistant barrier is the Office 2003 
IRM client environment and includes the 
signed digital certificate identifying the user. If 
the certificate is tampered with, or if certain, 
sensitive IRM processes or modules are 
debugged or tampered with, the system will 
cease to operate. 

The first security level is the "Security Level" 
which has been selected for a particular Office 
Application, e.g., Word.



preventing the first computing arrangement
from using the same software module accessed
by a second computing arrangement having a
second tamper resistant barrier with a second
security level different from the first security
level.



The computing arrangement that prevents a 
software module from running in one 
computing arrangement and not in another is 
the type and characteristics of the particular 
software module (VBA program within a 
document or add-in); i.e., signed, script author, 
code capabilities, etc., and the "Security Level"
settings. 

Product Infringing: Windows Media Rights
Manager and Windows Media Player 



A system including:



(a) a first apparatus including, 



Consumer's computer, as shown in WMRM
SDK



(1) user controls, 



Consumer's computer, as shown in WMRM 
SDK



(2) a communications port, 



Consumer's computer, as shown in WMRM 
SDK 



(3) a processor, 



Consumer's computer, as shown in WMRM 
SDK 



(4) a memory storing: 



Consumer's computer, as shown in WMRM
SDK



(i) a first secure container containing 
a governed item, the first secure 
container governed item being at 
least in part encrypted; the first 
secure container having been 
received from a second apparatus: 



Secure container (packaged Windows Media 
file), received by consumer's computer from
"Content provider" (WMRM SDK, Step 3),
which contains encrypted governed item 
("Encrypted content") 



(ii) a first secure container rule at least 
in part governing an aspect of 
access to or use of said first secure 
container governed item, the first 
secure container rule [sic], the first 
secure container rule having been 
received from a third apparatus 
different from said second 
apparatus: and 



Rights portion of signed license, received by 
consumer's computer from "License issuer" 
(WMRM SDK, Step 9) 



(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers each 
including the capacity to contain a 
governed item, a secure container rule 
being associated with each of said 
secure containers: 



Windows Media Player and Windows Media 
Rights Manager 



(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a user 
of said first apparatus, said protected 
processing environment including 
hardware or software used for 
applying said first secure container 
rule and a second secure container rule 
in combination to at least in part
govern at least one aspect of access to 
or use of a governed item contained in 
a secure container: and 



1st and 2nd rules consist of any two valid rules 
as specified in the Windows Media Rights
Manager SDK; protected processing 
environment includes Windows Media Rights 
Manager and Windows processes for 
protecting operation of Windows Media Rights 
Manager. Licenses can be used to convey 
multiple rules. 



(7) hardware or software used for
transmission of secure containers to
other apparatuses or for the receipt of
secure containers from other
apparatuses.



Any hardware or software employed in
transmitting Windows Media files, including
for example consumer's computer's
communication port and Windows Media
Player (WMRM SDK, Step 1)



Exhibit B



CLAIM OF INFRINGEMENT



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including:



a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:



A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted; the first secure
container having been received from a second
apparatus;



An encrypted IRM-governed email received 
from a remote computer. The encrypted IRM-
governed email contains an encrypted IRM-
governed email message.



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item, the first
secure container rule, the first secure container
rule having been received from a third
apparatus different from said second
apparatus; and



The first secure container rule is received from 
the RMS server in the form of a use license. 

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group).



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers;



The RM-enabled device contains hardware or 
software for receiving and opening secure 
emails. 

The secure email has the capacity to contain an 
IRM-governed email message, with a rule 
being associated with each email. 

The rules associated with the secure emails are 
rules that come as part of the original email as 
well as rules that come back from the RMS. 



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for
applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of



Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 



The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-governed email message. 
For example, the additional rule may be

access to or use of a governed item contained
in a secure container; and 

hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



received together with the rule in the use 
license. 

The device includes hardware or software used 
for transmitting or receiving secure emails. For 
example, RM-enabled OUTLOOK is designed 
to transmit and receive encrypted IRM-
governed emails to/from other devices.



Infringing products include Office 2003 and
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including:



a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:



A device with user controls, a communications 
port, a processor, and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted; the first secure
container having been received from a second
apparatus;



The first secure container is an encrypted IRM- 
protected document. 

This encrypted IRM-governed document is, for 
example, received from a remote computer, as 
an attachment to an IRM-governed email or 
downloaded from a document server or web 
site. 



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item, the first
secure container rule, the first secure container
rule having been received from a third
apparatus different from said second
apparatus; and



The first secure container rule is received from 
the RMS server in the form of a use license. 

This use license contains rules generated by the 
RMS server specifically for the user (or user's 
group). 



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers;



The RM-enabled device contains hardware or 
software for receiving and opening secure 
documents. 

The secure documents have the capacity to 
contain IRM-governed content, with a rule 
being associated with each secure document. 

The rules associated with said secure 
documents are the rules that come as part of the 
originally received document as well as rules 
that come back from the RMS server. 



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,



Protected information on the RM-enabled
device is protected by the use of at least
cryptographic techniques.

The rule governing the document works

said protected processing environment
including hardware or software used for 
applying said first secure container rule and a 
second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container; and



hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



together with an additional rule to determine 
what access to or use (if any) are allowed with 
respect to the IRM-governed document. For
example, the additional rule may be associated 
with an email to which the document was 
attached, or received together with the rule in 
the use license.



The device includes hardware or software used 
for transmitting or receiving secure documents. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive to/from other
devices emails with IRM-governed documents
attached thereto.



CLAIM LANGUAGE



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including:



a first apparatus including,
user controls,
a communications port,
a processor,
a memory storing:



A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



a first secure container containing a governed
item, the first secure container governed item
being at least in part encrypted;



The first secure container containing a 
governed item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 



a first secure container rule at least in part
governing an aspect of access to or use of said
first secure container governed item; and



The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 



a second secure container containing a digital
certificate;



The second secure container is the IRM 
protected attachment's derived license request 
object. 

The license request object contains the 
Publishing license and a signed digital 
certificate. 



hardware or software used for receiving and
opening secure containers,

said secure containers each including the
capacity to contain a governed item, a secure
container rule being associated with each of
said secure containers;



a protected processing environment at least in
part protecting information contained in said
protected processing environment from
tampering by a user of said first apparatus,

said protected processing environment
including hardware or software used for



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 



Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 



The rules governing the email itself (first 

applying said first secure container rule and a
second secure container rule in combination to
at least in part govern at least one aspect of
access to or use of a governed item contained
in a secure container; and



secure container rule) and the rules governing 
the attachment work together to determine what 
access to or use (if any) will be allowed with 
respect to the governed item. 

hardware or software used for transmission of
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



IRM-enabled applications, e.g., OUTLOOK, 
are designed to transmit and receive RM 
secured containers to/from other computers. 

3.


Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 


A system including: 




a first apparatus including, 

user controls, 

a communications port, 

a processor, 

a memory storing: 


A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and
mouse, the communications port may be a NIC
card with an Ethernet port, the processor may
be a CPU, and the memory may be a hard-drive
or RAM.


a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 


The first secure container containing a 
governed item is an IRM protected document, 
which is an attachment within an IRM 
protected email message. The governed item is 
the document's content. 

Both the email message and attachment are 
encrypted and have associated usage rules due 
to IRM protection. 


a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 


A use license for the IRM protected document 
specifies rules governing access to or use of 
said first secure container governed item. 


a second secure container containing a digital 
certificate; 


The second secure container is the IRM 
protected email message. 

The IRM protected attachment includes a 
publishing license and an owner certificate, 
both of which are signed XrML digital 
certificates. 

The attachment (including embedded 
certificates) is contained within the IRM 
protected email message (said second secure 
container). 


hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers;


The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 


a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from


Protected information on the RM-enabled
computer is protected by the use of at least
cryptographic techniques.

tampering by a user of said first apparatus,



said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a 
second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained
in a secure container; and

hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



4. A system as in claim 3,

said memory storing a rule associated with 
said second secure container, said rule 
associated with said second secure container at 
least in part governing at least one aspect of 
access to or use of said digital certificate. 



The rules governing the attachment (first secure 
container rule) and the rules governing the 
email message (second secure container rule) 
work together to determine what access to or
use (if any) will be allowed with respect to the
governed item.

RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 



All parts of the attachment (including 
embedded signed XrML licenses/certificates)
are protected by the enclosing email message
and governed by the associated email rules
(second secure container rule).

INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



CLAIM LANGUAGE 



5. 



A system including: 

a first apparatus including, 

user controls, 

a communications port, 

a processor, 

a memory storing:

a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 



a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; 



hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 



a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a



CLAIM OF INFRINGEMENT 

Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 

A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



first secure container containing a governed 
item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 

The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 



The second secure container is the IRM 
protected attachment's derived license request 
object. 

The license request object contains the 
Publishing license and a signed digital 
certificate. 



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 

said secure containers. 

Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 



second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container; and 



The rules governing the email itself (first 
secure container rule) and the rules governing 
the attachment will work together to determine 
what access to or use (if any) will be allowed 
with respect to the governed item. 



hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



5. 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including: 



a first apparatus including, 
user controls, 
a communications port, 
a processor, 



A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



a memory storing: 



a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 



first secure container containing a governed 
item is an IRM protected email. 

Both the email and attachment are IRM 
protected, each having their own rules, each 
being encrypted. 



The rule governing the email (a first secure 
container rule) governs said first secure 
container governed item. 



a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; 



The second secure container is the IRM email 
attachment. 

This attachment and its publishing license are 
signed. 



hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 



a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a 



Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 



second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container; and 

hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 



The rules governing the email itself (first 
secure container rule) and the rules governing 
the attachment work together to determine what 
access to or use (if any) will be allowed with 
respect to the governed item. 

RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 
Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including: 



a first apparatus including, 
user controls, 
a communications port, 
a processor, 

a memory storing: 



A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 



a first secure container containing a governed 
item, the first secure container governed item 
being at least in part encrypted; 



The first secure container containing a 
governed item is an IRM protected document, 
which is an attachment within an IRM 
protected email message. The governed item is 
the document's content. 

Both the email message and attachment are 
encrypted and have associated usage rules due 
to IRM protection. 



a first secure container rule at least in part 
governing an aspect of access to or use of said 
first secure container governed item; and 



a second secure container containing a digital 
signature, the second secure container being 
different from said first secure container; 



A use license for the IRM protected document 
specifies rules governing access to or use of 
said first secure container governed item. 



The second secure container is the IRM 
protected email message. 

The IRM protected attachment includes a 
publishing license and an owner certificate, 
both of which are signed XrML digital 
certificates. 

The attachment (including embedded 
certificates) is contained within the IRM 
protected email message (said second secure 
container). 



hardware or software used for receiving and 
opening secure containers, said secure 
containers each including the capacity to 
contain a governed item, a secure container 
rule being associated with each of said secure 
containers; 



The RM (IRM) enabled computer has software 
for receiving and opening secure containers. 

The IRM secure containers have capacity to 
contain a governed item, with a secure 
container rule being associated with each of 
said secure containers. 



a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first secure container rule and a 
second secure container rule in combination to 
at least in part govern at least one aspect of 
access to or use of a governed item contained 
in a secure container; and 



Protected information on the RM-enabled 
computer is protected by the use of at least 
cryptographic techniques. 

The rules governing the attachment (first secure 
container rule) and the rules governing the 
email message (second secure container rule) 
work together to determine what access to or 
use (if any) will be allowed with respect to the 
governed item. 


hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses. 


RM-enabled applications, e.g., OUTLOOK, are 
designed to transmit and receive RM secured 
containers to/from other computers. 


6. A system as in claim 5, 




said memory storing a rule at least in part 
governing an aspect of access to or use of said 
digital signature. 


All parts of the attachment (including 
embedded signed XrML licenses/certificates) 
are protected by the enclosing email message 
and governed by the associated email rules 
(second secure container rule). 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



CLAIM OF INFRINGEMENT 



28. 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A system including: 



a first apparatus including; 
user controls, 
a communications port, 
a processor, 

a memory containing a first rule, 



hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers; 



A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 

The first rule governs use of an IRM protected 
document (e.g., an IRM rule permitting a 
document to be read by specified users or 
barring access to IRM-governed information 
from specified users, applications, or other 
principals). 



The RM-enabled device contains hardware or 
software for receiving and opening secure 
containers. 

The secure email has the capacity to contain an 
IRM-governed email message, with a rule 
being associated with each email. 



a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said first apparatus, 

said protected processing environment 
including hardware or software used for 
applying said first rule and a secure container 
rule in combination to at least in part govern at 
least one aspect of access to or use of a 
governed item; and 



Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic techniques. 

The secure container rule is an IRM rule 
governing access to the IRM protected 
document (e.g., a rule permitting editing by 
specified users). 

The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-governed email message 
(the document's content). For example, the 
additional rule may be received together with 
the rule in the use license, may be associated 
with a publishing license, may be associated 
with user certification, revocation lists, or 
exclusion policies, or may be received from 
any other source. 



hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses; and 



The device includes hardware or software used 
for transmitting or receiving secure containers. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive encrypted 
IRM-governed emails to/from other devices. 


a second apparatus including: 




user controls, 
a communications port, 
a processor, 

a memory containing a second rule, 


A device with user controls, a communications 
port, a processor and memory. For example, 
the user controls may be a keyboard and 
mouse, the communications port may be a NIC 
card with an Ethernet port, the processor may 
be a CPU, and the memory may be a hard-drive 
or RAM. 

The second rule governs use of an IRM 
protected document (e.g., an IRM rule 
permitting a document to be read by specified 
users or barring access to IRM-governed 
information from specified users, applications, 
or other principals). 


hardware or software used for receiving and 
opening secure containers, 

said secure containers each including the 
capacity to contain a governed item, a secure 
container rule being associated with each of 
said secure containers; 


The RM-enabled device contains hardware or 
software for receiving and opening secure 
containers. 

The secure email has the capacity to contain an 
IRM-governed email item, with a rule being 
associated with each secure container. 


a protected processing environment at least in 
part protecting information contained in said 
protected processing environment from 
tampering by a user of said apparatus, 

said protected processing environment 
including hardware or software used for 
applying said second rule and a secure 
container rule in combination to at least in part 
govern at least one aspect of access to or use 
of a governed item; 


Protected information on the RM-enabled 
device is protected by the use of at least 
cryptographic technique. 

The secure container rule is an IRM rule 
governing access to the IRM protected 
document (e.g., a rule permitting editing by 
specified users). 

The rule governing the email works together 
with an additional rule to determine what 
access to or use (if any) are allowed with 
respect to the IRM-governed item (the 
document's content). For example, the 
additional rule may be received together with 
the rule in the use license, may be associated 
with a publishing license, may be associated 
with user certification, revocation lists, or 
exclusion policies, or may be received from 
any other source. 


hardware or software used for transmission of 
secure containers to other apparatuses or for 
the receipt of secure containers from other 
apparatuses; and 


The device includes hardware or software used 
for transmitting or receiving secure containers. 
For example, RM-enabled OUTLOOK is 
designed to transmit and receive encrypted 
IRM-governed emails to/from other devices. 


an electronic intermediary, said intermediary 
including a user rights authority clearinghouse. 


The RMS Server (Microsoft hosted or 
otherwise) constructs a 'use license' specific to 
a piece of content and targets it to a specific user. 
29. A system as in claim 28, said user rights 
authority clearinghouse operatively connected 
to make rights available to users. 



The RMS server sends use licenses to users 
through a communications port, e.g., Ethernet, 
serial, satellite, "the internet" 
These use licenses include rights. 

The clearing functionality of the RMS is 
operatively connected to the RMS server. 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 

28. 



Product Infringing: Windows Media Rights 
Manager and Windows Media Player 



A system including: 



(a) a first apparatus including; 



Consumer's computer, as shown in WMRM 
SDK 



(1) user controls, 



Consumer's computer, as shown in WMRM 
SDK 



(2) a communications port, 



Consumer's computer, as shown in WMRM 
SDK 



(3) a processor, 



Consumer's computer, as shown in WMRM 
SDK 



(4) a memory containing a first rule, 



Memory is in the consumer's computer, first 
rule is a right received as part of a signed 
license (WMRM SDK, Step 9) 



(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers 
each including the capacity to contain 
a governed item, a secure container 
rule being associated with each of 
said secure containers; 



Consumer's computer receives Windows 
Media file (secure container) via 
communications port (WMRM SDK, Step 3) 
and applies secure container rule or rules via 
Windows Media Player and Windows Media 
Rights Manager. 



(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a 
user of said first apparatus, said 
protected processing environment 
including hardware or software used 
for applying said first rule and a 
secure container rule in combination 
to at least in part govern at least one 
aspect of access to or use of a 
governed item; and 



Processing environment includes Windows 
Media Rights Manager and Windows 
processes for protecting operation of Windows 
Media Rights Manager 



(7) hardware or software used for 

transmission of secure containers to 
other apparatuses or for the receipt of 
secure containers from other 
apparatuses; and 



Hardware or software employed in transmitting 
Windows Media files, including for example 
consumer's computer's communication port 
and Windows Media Player (WMRM SDK, 
Step 3) 



(b) a second apparatus including: 



2nd consumer's computer 



(1) user controls. 



2nd consumer's computer 



(2) a communications port. 



2nd consumer's computer 



(3) a processor. 



2nd consumer's computer 



(4) a memory containing a second rule, 



Memory is in the 2nd consumer's computer, 
first rule is a Right received as part of a signed 
license (WMRM SDK, Step 9) 



(5) hardware or software used for 
receiving and opening secure 
containers, said secure containers 
each including the capacity to contain 
a governed item, a secure container 
rule being associated with each of 
said secure containers; 



2nd consumer's computer receives Windows 
Media file (secure container) via 
communications port (WMRM SDK, Step 3) 
and applies secure container rule or rules via 
Windows Media Player and Windows Media 
Rights Manager. 



(6) a protected processing environment at 
least in part protecting information 
contained in said protected processing 
environment from tampering by a 
user of said apparatus; said protected 
processing environment including 
hardware or software used for 
applying said second rule and a 
secure container rule in combination 
to at least in part govern at least one 
aspect of access to or use of a 
governed item 



Processing environment includes Windows 
Media Rights Manager and Windows 
processes for protecting operation of Windows 
Media Rights Manager; processing 
environment applies multiple rules in 
combination 



(7) hardware or software used for 

transmission of secure containers to 
other apparatuses or for the receipt of 
secure containers from other 
apparatuses; and 



Hardware or software employed in transmitting 
Windows Media files, including for example 
2nd consumer's computer's communication 
port and Windows Media Player (WMRM 
SDK, Step 3) 



(c) an electronic intermediary, said 
intermediary including a user rights 
authority clearinghouse. 



License Issuer 



29. A system as in claim 28, 



said user rights authority clearinghouse 
operatively connected to make rights available 
to users. 



License Issuer, operatively connected to 
consumer's computer (WMRM SDK, Step 9) 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



>6. 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using 
Passport 



A method of securely delivering an item, 
including the following steps: 



performing an authentication step; 



The RM-enabled application, e.g., Word, 
OUTLOOK, PowerPoint, etc., must be 
authenticated before it is allowed access to or 
use of the content. 



associating a digital signature with said item; 



The RM protected content is signed. 



incorporating said item into a first secure 
electronic container, said item being at least in 
part encrypted while in said container, 

said incorporation occurring in an apparatus 
containing a first protected processing 
environment, said protected processing 
environment at least in part protecting 
information contained in said protected 
processing environment from tampering by a 
user of said apparatus; 



RM-protected content is packaged with rules 
and encrypted. 



Protected information on the RM enabled 
computer is protected by the use of at least 
cryptographic techniques. 



in said protected processing environment, 
associating a first rule with said first secure 
electronic container, said first rule at least in 
part governing at least one aspect of access to 
or use of said item; 



The IRM-protected document (said item) has 
an associated rule or rules. 



authenticating an intended recipient of said 
item; 



A recipient of IRM-protected content must be 
authenticated before being allowed access to or 
use of the content. 



transmitting said first secure electronic 
container and said first rule to said intended 
recipient; and 



The document is sent via IRM-protected email 
as an attachment. 



using a second protected processing 
environment, providing said intended recipient 
access to at least a portion of said item, 

said access being governed at least in part by 
said first rule and by a second rule present at 
said intended recipient's site. 



The email is received at another IRM-enabled 
computer. 



The first said rule is the rule(s) associated with 
the attached document, and the second rule is 
the rule(s) received that govern the email itself. 



Exhibit B 


INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



126. 



Product Infringing: Windows Hardware 
Quality Labs Authentication services, 
Windows operating Systems (such as 
Windows XP) that support the driver 
signing features, and any product using 
Driver Signing feature 



A method of providing trusted intermediary 
services including the following steps: 



at a first apparatus, receiving an item from 
a second apparatus; 



Microsoft's Windows Hardware Quality 
Labs (WHQL) (first apparatus) receiving 
driver package (item) from independent 
hardware vendor (IHV) or any driver 
developer (second apparatus). 



associating authentication information with 
said item; 



The signature information of a security 
catalog file (see next element of claim) 
names Microsoft as the publisher. 
WHQL's signature is intended to signify 
that a driver has complied with Microsoft's 
Windows compatibility and/or Secure 
Audio Path (SAP) specifications. 



incorporating said item into a secure digital 
container; 



The hashes of the files making up the 
driver package are included in the signed 
security catalog file for the driver package. 
The catalog file makes the driver package a 
secure digital container. 



associating a first rule with said secure 
digital container, said first rule at least in 
part governing at least one aspect of access 
to or use of said item; 



Driver developers specify rules in an INF 
file that govern the installation and/or use 
of the driver. For example, as specified in 
the INF, the installation events will vary 
based on the user's operating system 
version, which includes architecture, 
product type and suite. The INF logging 
rules and can further specify security rules 
that are evaluated when the driver is used. 

White Paper - Operating-System 
Versioning for Drivers under Windows XP 

Setup selects the [Models] section to use 
based on the following rules: 

If the INF contains [Models] sections for 
several major or minor operating system 
version numbers, Setup uses the section 
with the highest version numbers that are 
not higher than the operating system 
version on which the installation is taking 
place. 

If the INF [Models] sections that match the 
operating system version also include 
product type decorations, product suite 
decorations, or both, then Setup selects the 
section that most closely matches the 
running operating system. 

Suppose, for example, Setup is running on 
Windows XP Professional (which is 
operating system version 5.1), and it finds 
the following entry in a [Manufacturer] 
section: 

%FooCorp%=FooMfg, NT, NT.5, NT.5.5, 
NT....0x80 

In this case, Setup will look for a [Models] 
section named [FooMfg.NT.5]. Setup will 
also use the [FooMfg.NT.5] section if it is 
running on a Datacenter version of 
Windows .NET Server, because a specific 
major/minor version takes precedence over 
the product type and suite mask. 

For example, to create an INF that is 
intended for use only on Windows XP, the 
INF file could contain the following: 

[Manufacturer] 

"Foo Corp." = FooMfg, NT.5.1, NT.5.2 
[FooMfg.NT.5.1] 

"Foo Device" = FooDev, *F001234 

Note the omission of the undecorated 
[FooMfg] section, as well as the omission 
of the [FooMfg.NT.5.2] section. This INF 
file would appear to be "empty" on any 
operating system other than Windows XP. 
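
The selection rules quoted above can be modelled in a few lines. This is an added example, not code from the filing or from Microsoft: the function names, the numeric product type and suite values for the sample systems, and the choice to treat a suite decoration as matching when any of its bits is set are assumptions, and architecture-qualified decorations are not modelled.

```python
from typing import NamedTuple, Optional


class Decoration(NamedTuple):
    raw: str
    version: Optional[tuple]        # (major, minor), or None when no version is given
    product_type: Optional[int]
    suite_mask: Optional[int]


def parse_decoration(raw):
    """Parse 'NT[.major[.minor[.producttype[.suitemask]]]]' as written on the page."""
    head, *fields = raw.split(".")
    if head.upper() != "NT" or len(fields) > 4:
        raise ValueError(f"unsupported decoration: {raw!r}")
    fields += [""] * (4 - len(fields))          # 'NT....0x80' -> ['', '', '', '0x80']
    major, minor, ptype, suite = fields
    version = (int(major), int(minor or 0)) if major else None
    return Decoration(raw, version,
                      int(ptype, 0) if ptype else None,
                      int(suite, 0) if suite else None)


def applies(dec, os_version, product_type, suite_mask):
    """A decoration applies if its version is not higher than the OS version
    and any product type / suite it names matches the running system."""
    if dec.version is not None and dec.version > os_version:
        return False
    if dec.product_type is not None and dec.product_type != product_type:
        return False
    if dec.suite_mask is not None and not (suite_mask & dec.suite_mask):
        return False
    return True


def select_models_section(base, decorations, os_version, product_type,
                          suite_mask, defined=None):
    """Return the [Models] section name Setup would use under the quoted rules,
    or None if that section is not defined in the INF (the INF looks 'empty')."""
    candidates = [d for d in map(parse_decoration, decorations)
                  if applies(d, os_version, product_type, suite_mask)]
    if candidates:
        # Highest version wins first; product type / suite specificity only
        # breaks ties, because a specific version takes precedence over them.
        best = max(candidates, key=lambda d: (
            d.version or (-1, -1),
            (d.product_type is not None) + (d.suite_mask is not None)))
        name = f"{base}.{best.raw}"
    else:
        name = base                              # fall back to the undecorated section
    if defined is not None and name not in defined:
        return None
    return name


# Constructed sample systems (values are assumptions for illustration).
XP_PRO = dict(os_version=(5, 1), product_type=1, suite_mask=0x100)
DATACENTER = dict(os_version=(5, 2), product_type=3, suite_mask=0x80)
WIN2000 = dict(os_version=(5, 0), product_type=1, suite_mask=0)

# The two [Manufacturer] entries from the excerpt.
FIRST_ENTRY = ["NT", "NT.5", "NT.5.5", "NT....0x80"]
XP_ONLY_ENTRY = ["NT.5.1", "NT.5.2"]
XP_ONLY_DEFINED = {"FooMfg.NT.5.1"}

if __name__ == "__main__":
    print(select_models_section("FooMfg", FIRST_ENTRY, **XP_PRO))
    print(select_models_section("FooMfg", FIRST_ENTRY, **DATACENTER))
    for system in (XP_PRO, DATACENTER, WIN2000):
        print(select_models_section("FooMfg", XP_ONLY_ENTRY,
                                    defined=XP_ONLY_DEFINED, **system))
```
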

Access Control List Rules 



XP DDK - Tightening File-Open 
Security in a Device INF File 
For Microsoft Windows 2000 and later, 
Microsoft tightened file-open security in 
the class installer INFs for certain device 
classes, including CDROM, DiskDrive, 
FDC, FloppyDisk, HDC, and 
SCSIAdapter. 

If you are unsure whether the class installer 
for your device has tightened security on 
file opens, you should tighten security by 
using the device's INF file to assign a value 
to the DeviceCharacteristics value name 
in the registry. Do this within an add- 
registry-section, which is specified using 
the INF AddReg directive. 



transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 



Microsoft, IHV, driver developer or any 
other party distributing signed driver 
packages transmitting the driver package to 
user (third apparatus). Since the driver 
package includes the INF file, it will 
include the first rule. The protected 
processing environment (PPE) is Windows 
operating system with its pertinent services 
such as Windows File Protection, signature 
and cryptographic functions, Plug and Play 
and Set-up and their related default and 
modifiable policies. The PPE checks for 
signatures on driver packages and detects 
situations when the driver package's 
signature does not match the driver 
package. 

Additionally, the Digital Rights Manager 
(DRM) components (kernel and client) will 
contribute to making the third apparatus a 
PPE when the SAP functionality is 
invoked. [That is, when SAP is required, an 
additional signature is checked to verify 
that the driver is SAP compliant and that it 
hasn't been tampered with.] 



said third apparatus receiving said secure 
digital container and said first rule; 



The end-user receiving the driver package. 



said third apparatus checking said 
authentication information; and 



A step in the Plug and Play/Setup driver 
installation process checks signature at 
installation. Additionally, the DRM 
component will check the DRM signature 
when invoking DRM functionality. 

White Paper - Driver Signing for Windows 



During driver installation, Windows 
compares the hashes contained in the 
driver's CAT file with the computed hash 
of the driver binaries to determine whether 
the binaries have changed since the CAT 
file was created. If a driver fails the 
signature check or there is no CAT file, 
what happens next depends on the driver 
signing policy in effect on the user's 
system: 

If the policy is set to Ignore, the driver 
installs silently, with no message to the 
user. 

If the policy is set to Warn, a message 
warns the user the driver is unsigned, 
which means that it has not passed WHQL 
testing and might cause problems. The 
Warn dialog box gives an administrative 
user the option to override the warning and 
install an unsigned driver anyway. 

If the policy is set to Block, the system 
displays a message that informs the user 
that the driver cannot be installed because 
it is not digitally signed. 



said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 



The action would be installing and/or using 
the driver. For example, installation 
policies govern the actions (ignore, warn or 
block) taken based on whether a driver is 
signed or not and these policies (rule) are 
resident on the third apparatus. Another 
rule is the "ranking" of available drivers 
when selecting a driver to install. This 
ranking process includes whether a driver 
is signed or not. Another rule is the 
security access rules that the class installer 
that will be used to install the device has. 

In the case of DRM, the content will have 
associated rules governing its use in a SAP- 
compliant environment. These rules (the 
content license) can be resident at the third 
apparatus particularly in the case when a 
user is installing a new (SAP-compliant) 
device that will render previously acquired 
content or in the case that acquired content 
cannot be rendered until the user installs 
required drivers. 

For example, when installing: 

The XP driver ranking process and the 
modifiable default related to signature state 
of the driver act as the second rule. 

The driver will be installed only if the first 
and second rules validate. 

Operating-System Versioning for Drivers 
under Windows XP 

Default System Policy for Unsigned 
Drivers 

If the user installs an unsigned driver for a 
designated device class from disk or from 
another web site, Windows XP/Windows 
2000 displays a warning that the driver is 
unsigned, thus helping to preserve the 
integrity of the released system. However, 
by default, Windows XP/Windows 2000 
does not block installation of unsigned 
drivers, so vendors can get urgent hot-fixes 
to customers while waiting for WHQL to 
test the fix. 

In Windows XP, the default driver signing 
policy can be changed through the 
Hardware tab of the System applet on the 
Control Panel. A user can change the 
policy to be more restrictive, but not less 
restrictive on a per-user basis (that is, a 
user can change Warn to Block, but not to 
Ignore). An administrator can change the 
policy to be either more restrictive or less 
restrictive for all users on the system by 
checking "Apply the setting as system 
default." 

Driver Ranking 

Under Windows XP, the driver ranking 
strategy has been modified as follows: 

If an INF file is unsigned, and if neither the 
[Models] section nor the [DDInstall] 
section is decorated with an NT-specific 
extension, the INF file is considered 
"suspect" and its rank is shifted into a 
higher range (that is, worse) than all 
hardware and compatible rank matches of 
INF files for which one (or both) of those 
criteria are met. 

The new ranking ranges will now be:
0 - 0xFFF (DRIVER_HARDWAREID_RANK) : "trusted" hardware-ID match
0x1000 - 0x3FFF : "trusted" compatible-ID match
0x8000 - 0x8FFF : "untrusted" hardware-ID match
0x9000 - 0xBFFF : "untrusted" compatible-ID match
0xC000 - 0xCFFF : "untrusted" undecorated hardware-ID match (possibly a Windows 9x-only driver)
0xD000 - 0xFFFF : "untrusted" undecorated compatible-ID match (possibly a Windows 9x-only driver)



127. A method as in claim 126, in which
said authentication information at least in
part identifies said first apparatus and/or a
user of said first apparatus.



The authentication information will
identify Microsoft, operator of the first
apparatus.

INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



126. 



Products Infringing: Microsoft Software 
that includes the Authenticode feature, 
.NET Framework SDK, Visual Studio, 
Microsoft technology that supports a digital 
signature function (such as ActiveX), 
Windows Installer technology. 



A method of providing trusted intermediary 
services including the following steps: 



Infringement is based on use of Microsoft
ActiveX control, Cabinet file, Microsoft
Windows Installer, Authenticode and
Software Restriction Policy technologies.
For example, a software publisher
distributing a signed application that has
licensed ActiveX controls embedded
within it would practice this method.



at a first apparatus, receiving an item from 
a second apparatus; 



The item is unsigned software such as an 
ActiveX control or any software packaged 
in a cabinet file or Microsoft Installer 
(.msi) file. Within the development 
environment, multiple software developers 
(working on a second apparatus) will send 
their unsigned software to a secure location 
(first apparatus) containing the entity's 
private signing key. An example entity 
would be a software publisher. 

Source: Deploying ActiveX Controls on 
the Web with the Internet Component 
Download 

The holder of the digital certificate 

Keeping your digital certificate safe is very 
important. Some firms (including 
Microsoft) do not keep their signature file 
on site. The signature is kept with the 
Certificate Authority and files are sent 
there for signing. 



associating authentication information with 
said item; 



Signing the software associates the 
software publisher's identity with the
software. 

Source: Packaging ActiveX Controls 
Signing Cabinet Files 
A .cab file can be digitally signed like an
ActiveX control. A digital signature
provides accountability for software
developers: The signature associates a
software vendor's name with a given file. A
signature is applied to a .cab file (or
control) using the Microsoft Authenticode®
technology.

The .cab tool set assists software 
developers in applying digital signatures to 
.cab files by allowing a developer to 
allocate space in the .cab file for the 
signature. 


incorporating said item into a secure digital 
container; 


Signing software either directly or within a 
package (cabinet or .msi file) secures it in a 
digital container. 

Alternately, the signed ActiveX control 
could be placed into a signed cabinet file.



associating a first rule with said secure 
digital container, said first rule at least in 
part governing at least one aspect of access 
to or use of said item; 



support code within the ActiveX control 
and/or conditional syntax statements when 
the software is within a signed .msi file. 
When the software is within a signed 
cabinet file, the first rule can be a rule 
contained in the software, as is the case 
when an ActiveX control is packaged in a 
signed cabinet file. 

First rule, in the case of ActiveX: 

When an application with a licensed 
ActiveX control is started, an instance of 
the control usually needs to be created. 
The application accomplishes this by 
making a call to CreateInstanceLic and
passing the license key embedded in the 
application as a parameter in the call. The 
ActiveX control performs a string 
comparison between the embedded license 
key and its own copy of the license key. If 
the keys match, an instance of the control is 
created and the application can execute 
normally. 

Source: Using ActiveX Controls to 
Automate Your Web Pages 
Run-time licensing 

Most ActiveX Controls should support 
design-time licensing and run-time 
licensing. (The exception is the control that 
is distributed free of charge.) Design-time 
licensing ensures that a developer is 
building his or her application or Web page 
with a legally purchased control; run-time 
licensing ensures that a user is running an 
application or displaying a Web page that 
contains a legally purchased control. 
Design-time licensing is verified by control 
containers such as Visual Basic, Microsoft
Access, or Microsoft Visual InterDev.
Before these containers allow a developer
to place a control on a form or Web page,
they first verify that the control is licensed
by the developer or content creator. These
containers verify that a control is licensed
by calling certain functions in the control.
If the license is verified, the developer can 
add it. 

Run-time licensing is also an issue for 
these containers (which are sometimes 
bundled as part of the final application); the 
containers again call functions in the 
control to validate the license that was 
embedded at design time. 


transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 


The third apparatus is a user computer or 
an application server. The protected 
processing environment (PPE) is Windows 
operating system, Internet Explorer (IE) 
and pertinent operating IE services such as 
Windows File Protection and security, 
signature and cryptographic functions 
related to code signing and related policies. 
The PPE checks for signatures on software 
or the software packages and detects 
situations when the signature does not 
validate as an indication that tampering 
may have occurred with the item.


said third apparatus receiving said secure 
digital container and said first rule; 


Having the third apparatus receiving said 
secure digital container and said first rule is 
typical of networked computing 
environments. 


said third apparatus checking said 
authentication information; and 


Examining the signature information includes
verifying that the signature was created using
the private key that corresponds to the
public key of the publisher.


said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 


The action would be installation and/or use 
of the distributed software. The second 
rule can be software restriction policies 
resident on the machine, which can be 
invoked at installation and/or runtime. 

.NET Framework Security - pg 259
and
White Paper - Using Software Restriction
Policies in Windows XP and Windows
.NET Server to Protect Against
Unauthorized Software

Software Restriction Policies is a policy-
driven technology that allows
administrators to set code-identity-based
rules that determine whether an application
is allowed to execute. (.NET Framework
Security - pg 259)

127. A method as in claim 126, in which
said authentication information at least in 
part identifies said first apparatus and/or a 
user of said first apparatus. 



For example, administrators can set rules 
for all Windows Installer packages coming 
from the Internet or Intranet zone. 

As part of the DLL load mechanisms, 
Software Restriction Policies is invoked 
and starts to check its most specific rules. 
Software Restriction Policies get invoked 
prior to an .exe being able to run.

The four types of rules are - hash, 
certificate, path, and zone. 

Note: The hash and certificate rules relate
directly to the signature information,
whereas the path and zone rules do not.

The software publisher, user of first device, 
is identified in the authentication 
information. 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



126. 



A method of providing trusted intermediary 
services including the following steps: 



Product infringing: Visual Studio .NET, 
.NET Framework SDK, Authenticode, 
Products that contain the .NET CLR, 
Compact CLR or CLI.



at a first apparatus, receiving an item from
a second apparatus;



First apparatus is a software build or 
deployment services computer that has 
access to signing key. The item may be a 
program, graphic, media object or other 
resource, from a developer computer, or 
archive (second apparatus). 



associating authentication information with
said item;



Associating a cryptographic hash with the 
file that will contain this item for the 
purpose of ensuring the authenticity of the 
item, along with names and attributes that 
are desired to be associated with the item 
for identification purposes. 



incorporating said item into a secure digital
container;



Producing signed, strongly named 
assembly that contains this assembly and 
associated attributes. 



associating a first rule with said secure
digital container, said first rule at least in
part governing at least one aspect of access
to or use of said item;



Including any security demands (such as 
members of the Microsoft .NET 
Framework SDK Public Class 
CodeAccessSecurityAttribute) as part of 
the assembly. 



transmitting said secure digital container
and said first rule to a third apparatus, said
third apparatus including a protected
processing environment at least in part
protecting information stored in said
protected processing environment from
tampering by a user of said third apparatus;



The third apparatus is a user computer or 
an application server. The third 
apparatus's protected processing 
environment is Windows NT and the .NET 
CLR, CLI and/or compact CLR. 
Information is protected from tampering 
because user is not administrator, user runs 
code on server, a share on another 
computer, or over a network. Further this 
information is protected by a number of 
protection mechanisms that are included 
with the Windows NT and CLR, CLI 
and/or compact CLR distributions. 



said third apparatus receiving said secure
digital container and said first rule;



Having the third apparatus receiving said 
secure digital container and said first rule is 
typical of networked computing 
environments. 



said third apparatus checking said
authentication information; and



The .NET Framework, when the assembly
is installed into the global assembly cache
(GAC), verifies the strong name of
assemblies. This process includes
verifying that the signature was created using
the private key that corresponds to the
public key of the publisher.



said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of 
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 



The action is executing code that is the 
item or using code that renders the item. 
Action is governed by security demands on 
code that calls the item or on code that calls 
code included in the .NET assembly that 
manages said item. The second rule is the 
machine, enterprise, user, and application
configuration file resident rules. Typically
these configuration files will be populated
before the arrival of most new assemblies
in a virtual distribution environment. This
action governance occurs in the protected
processing environment of the CLR, CLI
and/or compact CLR.



127. A method as in claim 126, in which 
said authentication information at least in 
part identifies said first apparatus and/or a 
user of said first apparatus. 



The authentication information will 
identify the .NET Assembly Class 
company name and trademark attributes 
that identify the apparatus or user of the 
first apparatus as being a member of an 
entity or a branded source (brand name). 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,185,683 



126. 



A method of providing trusted intermediary 
services including the following steps: 



Product infringing: Visual Studio .NET, 
.NET Framework SDK, Authenticode,
Products that contain the .NET CLR,
Compact CLR or CLI.



at a first apparatus, receiving an item from 
a second apparatus; 



The item is an unsigned .NET assembly, 
which can include, but not be limited to, a 
Web control, multi-file assembly or 
component. Within the development 
environment, multiple assembly builders 
(working on a second apparatus) will send 
their unsigned assembly to a secure
location (first apparatus) containing the 
entity's private signing key. An example 
entity would be a software publisher. 

.NET Security Framework - pg 130-1

Describes this exact practice and further 
explains the "Delay Signing Assemblies" 
feature of .NET that accommodates the fact
that "many publishers will keep the private 
key in a secure location, possibly 
embedded in specially designed 
cryptographic hardware." 

"Delay signing is a technique used by 
developers whereby the public key is added 
to the assembly name as before, granting 
the assembly its unique identity, but no 
signature is computed. Thus, no private 
key access is necessary." 



associating authentication information with 
said item; 



Strong naming the assembly binds the 
entity's/publisher's name into the 
assembly. The public portion of the key 
used to strongly name the assembly is 
placed in the assembly manifest. Other 
assemblies or applications can contain 
references to the strong names of strongly 
named assemblies such as in the case of 
applications that contain references to a set 
of compliant .NET core libraries. Strong 
naming compliant .NET core libraries with 
the European Computer Manufacturers
Association's (ECMA) key is a way to
allow any publisher to develop compliant
.NET core libraries that can be
authenticated by other applications.

incorporating said item into a secure digital
container; 



.NET Security Framework - pg 124
"Strong naming is a process whereby an 
assembly name can be further qualified by 
the identity of the publisher." 
.NET Security Framework - pg 133 
The publisher must advertise its public key 
or keys in an out-of-band fashion (such as 
documentation shipped with the product or 
on the company Web site) 
.NET Security Framework - pg 130 
The goal of the ECMA key is to allow a 
slightly more generalized strong name 
binding than usual, namely allowing 
binding to the publisher of the runtime in 
use, rather than to a fixed publisher. 



associating a first rule with said secure 
digital container, said first rule at least in 
part governing at least one aspect of access 
to or use of said item; 



Signing the assembly places it in a secure 
container. 

.NET Framework Security - pg 527
Strong named assemblies cannot be
modified in any manner without destroying
the strong name signature.

Applied Microsoft .NET Framework
Programming - pg 89
Strongly Named Assemblies Are Tamper-
Resistant

When the assembly is installed into the 
GAC, the system hashes the contents of the 
file containing the manifest and compares 
the hash value with the RSA digital 
signature value embedded within the PE 
file (after unsigning it with the public key). 
If the values are identical, the file's 
contents haven't been tampered with and 
you know that you have the public key that 
corresponds to the publisher's private key. 
In addition, the system hashes the contents 
of the assembly's other files and compares 
the hash values with the hash values stored 
in the manifest file's FileDef table. If any 
of the hash values don't match, at least one 
of the assembly's files has been tampered 
with and the assembly will fail to install 
into the GAC. 
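
The two-level check in the passage quoted above (a signature over the manifest, then per-file hashes taken from the manifest) can be sketched in Python as follows. This is an added illustration, not part of the filing and not Microsoft's code; the JSON manifest, SHA-256, and the textbook-RSA demo keys are assumptions made for the example, and the real strong-name format differs.

```python
import hashlib
import json

E = 65537  # public exponent shared by both constructed demo keys


def make_key(p, q):
    """Textbook RSA key from two primes (constructed demo key, no padding)."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}


# Constructed keys built from known Mersenne primes; for illustration only.
PUBLISHER = make_key(2**127 - 1, 2**521 - 1)
ATTACKER = make_key(2**127 - 1, 2**607 - 1)


def sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def build_manifest(files, key):
    """Manifest = embedded public key + one hash per file (FileDef-like table)."""
    table = {name: hashlib.sha256(body).hexdigest() for name, body in files.items()}
    doc = {"public_key": [key["n"], key["e"]], "files": table}
    return json.dumps(doc, sort_keys=True).encode()


def sign(manifest, key):
    """Publisher side: RSA private-key operation on the manifest hash."""
    return pow(sha256_int(manifest), key["d"], key["n"])


def verify(manifest, signature, files, trusted_pub=None):
    """Installer side. Returns "ok" or the reason the install is refused.

    With trusted_pub=None the key embedded in the manifest is used, which
    detects tampering but says nothing about who the publisher is.
    """
    try:
        doc = json.loads(manifest)
        n, e = doc["public_key"]
        table = doc["files"]
    except (ValueError, KeyError, TypeError):
        return "manifest unreadable"
    if trusted_pub:
        n, e = trusted_pub
    # Step 1: recover the signed hash with the public key, compare to manifest hash.
    if pow(signature, e, n) != sha256_int(manifest):
        return "manifest signature invalid"
    # Step 2: every file must match the hash recorded in the signed manifest.
    if set(table) != set(files):
        return "file list differs from manifest"
    for name in sorted(table):
        if hashlib.sha256(files[name]).hexdigest() != table[name]:
            return "hash mismatch: " + name
    return "ok"


def demo():
    """Run the check over constructed sample files and tampering cases."""
    files = {"main.dll": b"entry point code", "res.bin": b"original resource"}
    pub = (PUBLISHER["n"], PUBLISHER["e"])
    manifest = build_manifest(files, PUBLISHER)
    sig = sign(manifest, PUBLISHER)

    patched = dict(files, **{"res.bin": b"patched resource"})
    edited = build_manifest(patched, PUBLISHER)   # hashes updated, old signature
    forged = build_manifest(patched, ATTACKER)    # re-signed with another key
    forged_sig = sign(forged, ATTACKER)

    return {
        "intact": verify(manifest, sig, files, pub),
        "file_patched": verify(manifest, sig, patched, pub),
        "manifest_edited": verify(edited, sig, patched, pub),
        "resigned_vs_trusted_key": verify(forged, forged_sig, patched, pub),
        "resigned_vs_embedded_key": verify(forged, forged_sig, patched),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The last case shows why the verifier needs the publisher's key from a source other than the file itself: a package re-signed with a different key is internally consistent and passes when only the embedded key is consulted.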



A .NET assembly includes imperative and 
declarative statements/rules that will 
govern its access or use. For example, 
role-based security or strong name 
demands in the assembly can be the first 
rule. 

MSDN on Role-Based Security 

Applications that implement role-based
security grant rights based on the role
associated with a principal object. The
principal object represents the security
context under which code is running. The
PrincipalPermission object represents the
identity and role that a particular principal
class must have to run. To implement the
PrincipalPermission class imperatively,
create a new instance of the class and 
initialize it with the name and role that you 
want users to have to access your code. 

MSDN on StrongNameIdentityPermission

StrongNameIdentityPermission class
defines the identity permission for strong
names. StrongNameIdentityPermission
uses this class to confirm that calling code
is in a particular strong-named assembly.



transmitting said secure digital container 
and said first rule to a third apparatus, said 
third apparatus including a protected 
processing environment at least in part 
protecting information stored in said 
protected processing environment from 
tampering by a user of said third apparatus; 



said third apparatus receiving said secure 
digital container and said first rule; 



said third apparatus checking said 
authentication information; and 



The third apparatus is a user computer or 
an application server. The software 
publisher transmitting the .NET assembly 
to an end-user with a CLR. The third 
apparatus's protected processing 
environment is Windows NT and the .NET 
CLR, CLI and/or compact CLR. 
Information is protected from tampering 
because user is not administrator, user runs 
code on server, a share on another 
computer, or over a network. Further this 
information is protected by a number of 
protection mechanisms that are included 
with the Windows NT and CLR, CLI 
and/or compact CLR distributions. 



The end-user receiving the signed 
assembly. 



The .NET Framework, when the assembly
is installed into the global assembly cache
(GAC), verifies the strong name of
assemblies. This process includes
verifying that the signature was created using
the private key that corresponds to the
public key of the publisher.
Applied Microsoft .NET Framework 
Programming - pg 89 
Strongly Named Assemblies Are Tamper- 
Resistant 
As above. 

.NET Framework Security - pg 128 



The verification of any strong name 
assemblies is performed automatically 
when needed by the .NET Framework. 
Any assembly claiming a strong name but 
failing verification will fail to install into
the global assembly or download cache or 
will fail to load at runtime. 


said third apparatus performing at least one 
action on said item, said at least one action 
being governed, at least in part, by said 
first rule and by a second rule resident at 
said third apparatus prior to said receipt of
said secure digital container and said first 
rule, said action governance occurring at 
least in part in said protected processing 
environment. 


Within the CLR (protected processing 
environment), the execution of the program 
will depend upon whether the user is of the 
"role" required of the assembly or whether 
the calling assembly is from a strong- 
named assembly specified in the "item"
assembly (alternate first rules) and only if
assembly complies with the local code
access security policy (second rule), as an
example of one of the types of rules that
.NET Framework allows to be resident on
the third apparatus.



127. A method as in claim 126, in which 
said authentication information at least in 
part identifies said first apparatus and/or a 
user of said first apparatus. 



The user of the first apparatus is the developer 
at the assembly developer. Strong naming 
binds the publisher's name to assembly. 



LaMacchia, Brian, et al., .NET Framework Security. Addison-Wesley, 2002

Richter, Jeffrey, Applied Microsoft .NET Framework Programming. Microsoft Press, 2002
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART
FOR U.S. PATENT NO. 6,253,193



1. A method comprising:



(a) receiving a digital file including music; 



Infringing products include Windows Media 
Player and Windows Media Rights Manager 
SDK 



(b) storing said digital file in a first secure 
memory of a first device; 



Reference is made to the Windows Media 
Rights Manager SDK Programming Reference 
("WMRM SDK"), attached hereto as Exhibit 
A. Media Player infringement analysis is set 
forth herein using the example of a music file
downloaded and transferred to a portable audio 
player. 

Consumer receives a Windows Media file 
(WMRM SDK, Step 3)



(c) storing information associated with said 
digital file in a secure database stored on said 
first device, said information including at least 
one budget control and at least one copy 
control, said at least one budget control 
including a budget specifying the number of 
copies which can be made of said digital file; 
and said at least one copy control controlling 
the copies made of said digital file;



(d) determining whether said digital file may 
be copied and stored on a second device based 
on at least said copy control 



(e) if said copy control allows at least a portion 
of said digital file to be copied and stored on a 
second device, 



(1) copying at least a portion of said digital
file;



(2) transferring at least a portion of said
digital file to a second device
including a memory and an audio
and/or video output;



(3) storing said digital file in said memory
of said second device; and



(4) including playing said music through
said audio output, 



Windows Media file is stored in consumer's 
computer and all use of it is securely managed 
by the Secure Content Manager in Windows 
Media Player 



License is stored in the License Store (WMRM 
SDK, Step 5); license includes Rights which 
may include AllowTransferToNonSDMI,
AllowTransferToSDMI, (or Allow Transfer to
WM-D-DRM-Compliant devices or other
types of devices), and, TransferCount - the
number of times a piece of content may be 
transferred to the device (a transfer budget). 



Windows Media Rights Manager enforces the 
license restrictions 



Windows Media Rights Manager determines 
whether the AllowTransferToNonSDMI or
AllowTransferToSDMI rights are present. (Or,
Allow Transfer to WM-D-DRM-Compliant 
devices or other types of devices.) 



Transfer to the SDMI or non-SDMI portable 
device (Allow Transfer to WM-D-DRM- 
Compliant devices or other types of devices), if 
allowed by Windows Media Rights Manager



Portable device necessarily includes at least a 
memory and audio output 



Music file is transferred to the portable device 



Portable device plays the music 



2. A method as in claim 1, further 
comprising:



(a) at a time substantially contemporaneous
with said transferring step, recording in said
first device information indicating that said
transfer has occurred.

Counter reflecting TransferCount is
decremented by Windows Media Rights
Manager



3. A method as in claim 2, in which:

(a) said information indicating that said
transfer has occurred includes an encumbrance
on said budget.

Counter decrement reduces the allowable
number of budgeted transfers



4. A method as in claim 3, in which:

(a) said encumbrance operates to reduce the
number of copies of said digital file authorized
by said budget.

Counter decrement reduces the allowable
number of budgeted transfers
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 



Infringing products include Windows Media 
Player and Windows Media Rights Manager
SDK



11. A method comprising:



(a) receiving a digital file;



Consumer receives a Windows Media file 
(WMRM SDK, Step 3) 



(b) storing said digital file in a first secure
memory of a first device;



Windows Media file is stored in consumer's 
computer and all use of it is securely managed 
by the Secure Content Manager in Windows 
Media Player



(c) storing information associated with said
digital file in a secure database stored on said
first device, said information including a first
control;



License information is stored in the License 
Store (WMRM SDK, Step 10), license 
information includes Rights. License Rights 
may include AllowTransferToNonSDMI,
AllowTransferToSDMI (Allow Transfer to
WM-D-DRM-Compliant devices or other
types of devices), TransferCount



(d) determining whether said digital file may
be copied and stored on a second device based
on said first control



WMRM determines whether transfer rights are 
included in license (WMRM SDK, Step 5) 



(1) said determining step including 
identifying said second device and 
determining whether said first control 
allows transfer of said copied file to 
said second device, said determination 
based at least in part on the features 
present at the device to which said 
copied file is to be transferred; 



Portable Device Service Provider Module 
identifies the portable device as either SDMI- 
compliant or non-SDMI-compliant (or WM-D- 
DRM Compliant or other types of supported 
devices) and provides this information to 
Windows Media Device Manager, which 
allows the transfer based on whether the device 
identification matches the License Right. 



(e) if said first control allows at least a portion
of said digital file to be copied and stored on a
second device,



If Windows Media Rights Manager determines 
whether the AllowTransferToNonSDMI or
AllowTransferToSDMI rights are present (or 
Allow Transfer to WM-D-DRM-Compliant 
devices or other types of devices), the 
following steps are performed: 



(1) copying at least a portion of said 
digital file; 



Transfer to the SDMI or non-SDMI (Allow
Transfer to WM-D-DRM-Compliant or other) 
portable device, if allowed by Windows Media 
Rights Manager 



(2) transferring at least a portion of said 
digital file to a second device 
including a memory and an audio 
and/or video output; 



Portable device necessarily includes at least a 
memory and audio output 



(3) storing said digital file in said memory 
of said second device; and 



Music file is stored in the portable device 



(4) rendering said digital file through said 
output.



Portable device plays the music 



INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 



Product infringing: Windows Media Player, 
Windows Media Player, Windows Media 
Rights Manager SDK 



15. A method comprising: 



(a) receiving a digital file;



Consumer receives a Windows Media file 
(WMRM SDK, Step 3)



(b) an authentication step comprising:



(1) accessing at least one identifier 

associated with a first device or with a 
user of said first device; and 



(2) determining whether said identifier is 
associated with a device and/or user 
authorized to store said digital file; 



License includes identity of user's Windows 
Media Player; WM Players capable of playing 
protected content must be individualized. 
They contain a unique (Individualized) DRM 
client component to which protected WMA 
content licenses are bound. Content licenses 
are bound to this DRM individualization 
module as the result of a challenge sent from 
the Client to the WMLM service. The 
challenge contains information about 
Individualized DRM Client (in the form of an 
encrypted Client ID) and capabilities of the 
machine (e.g. support for Secure Audio Path
(SAP), version of the WMRM SDK supported
in the player).



(c) storing said digital file in a first secure
memory of said first device, but only if said
device and/or user is so authorized, but not
proceeding with said storing if said device
and/or user is not authorized;



Music file cannot be used unless identifier 
indicated in License matches user's Windows 
Media Player identifier (that is, the 
Individualized DRM Client to which the 
license is bound must be the same one 
supported by the device). 



Music file will not be processed through 
Windows Media Player, including protected 
rendering buffers, unless the identifiers match. 
Protected WMA file can be stored on client 
even if unauthorized but it cannot be decrypted 
and enter into the secure boundary (first secure 
memory) of the player unless appropriately 
licensed.



(d) storing information associated with said
digital file in a secure database stored on said
first device, said information including at least
one control;



License includes Rights and is stored in the 
License Store, Rights may include 
AllowTransferToNonSDMI,
AllowTransferToSDMI, (or Allow Transfer To
WM-D-DRM-Compliant Device or other
device) TransferCount



(e) determining whether said digital file may
be copied and stored on a second device based
on said at least one control;



Windows Media Rights Manager enforces the 
license restrictions



(f) if said at least one control allows at least a
portion of said digital file to be copied and
stored on a second device,



(]) copying at least a portion of said 



If appropriate rights are- present, the following 
steps are performed: 



Transfer to the SDMI or non-SDMI (or WM- 
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digital file; 



(2) transferring at least a portion of said . 
digital file to a second device 
including a memory and an audio 

and/or video output; 

(3) storing said* digital file in said memory 
of said second device: and 

(4) rendering said digital file through said 

output ' 

16. A method as in claim 15. in which: 

said digital file is received in an encrypted 
form; 

and further comprising: 

decrypting said digital file after said 
authentication step and before said step of 
storing said digital file in said memory of said 
first device. 



D-DRM Compliant or other) portable device, if 
allowed bv Windows Media Rights Manager 
Portable device necessarily includes at least a 
memory and audio output 



Music file is stored in the portable device



Portable device plays the music 



Protected Windows Media File is encrypted. 
WMP will not decrypt file until license is
processed. Licenses are bound to 
Individualization DLLs, which are bound to 
Hardware ID. Ind. DLL and Hardware ID 
must be verified as the Ids to which the license 
is bound - this is the authentication process.
(Recall that this module was created based in 
part on receipt of the Client Hardware ID or 
fingerprint and the license was created based in
part on receipt of a challenge from the client 
indicating the security properties (SAP-ready, 
SDK support, etc.) of the client). 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 



CLAIM LANGUAGE



CLAIM OF INFRINGEMENT



19. 



Infringing products include Office 2003 and 
included applications, and Server 2003, 
including Microsoft hosted RMS Service using
Passport 



A method comprising: 



receiving a digital file at a first device; 



Receiving a digital file such as a Word 
Document, email, Excel spreadsheet, 
PowerPoint presentation, or other content at a 
recipient's device. Such content may be 
received via email, received on removable 
media, such as floppy disk, downloaded and
viewable by Internet Explorer, e.g., a web page 
possibly containing graphics and/or audio data, 
etc. 



establishing communication between said first 
device and a clearinghouse located at a
location remote from said first device;



If the digital file is subject to rights 
management, and the recipient tries to open the 
digital file in an IRM-enabled application, the 
IRM-enabled application contacts a remote 
RMS, e.g., clearinghouse for a use license.



said first device obtaining authorization
information including a key from said
clearinghouse;



If the recipient is authorized to access or use 
the digital file, the RMS creates a license for 
the digital file. The RMS then seals a key 
inside the license so that only the recipient 
can access or use the digital file. Finally, the
RMS sends the license back to the recipient 



said first device using said authorization
information to gain access to or make at least
one use of said first digital file, including
using said key to decrypt at least a portion of
said first digital file; and



The recipient's device then uses the key in the 
license to gain access or decrypt a portion of 
the digital file. 



receiving a first control from said
clearinghouse at said first device;



The license received from the RMS at the 
recipient's device contains at least one control, 
such as restricting the ability to print, forward, 
or edit. 



storing said first digital file in a memory of
said first device;



The digital file is stored in the memory of the 
said recipient's device, such as in RAM, on a 
hard drive, etc. 



using said first control to determine whether
said first digital file may be copied and stored
on a second device;



The at least one control in the license limits 
copying the digital file. 

Such controls are set when the digital file was 
authored. For example, when the digital file is 
authored, the IRM-enabled application 
presented the author with a list of policy 
templates with different rights levels. The 
author selected an appropriate rights level 
which may for instance, allow other users in the 
system to open and read the document, but not
to modify it, copy text from it, or forward it.
These rights or controls are then associated 
with the digital file. 

When an attempt is made to access the digital 
file, the RMS determines the recipient's rights 
based on the recipient's identity and the 
policies or controls associated with the digital 
file.



if said first control allows at least a portion of 
said first digital file to be copied and stored on 
a second device, 



If the control in the license allows copying the 
digital file to a second device, then at least a 
portion of the digital file is copied, 



copying at least a portion of said first digital 
file;



such as by transferring or forwarding the digital 
file in an email message; 



transferring at least a portion of said first 
digital file to a second device including a 
memory and an audio and/or video output; 



storing said first digital file portion in said 
memory of said second device; and



A portion of the digital file is then transferred 
to a second device, such as a personal computer 
or portable device. The second device includes 
a memory and an audio and/or video output. 
The memory may be a hard-drive, RAM, CD, 
DVD, or other storage. The audio and/or video 
output may be speakers and/or a video monitor. 



The digital file is stored in the second device's 
memory. 



rendering said first digital file portion through
said output.



The digital file is rendered through the output, 
such as played through the speakers and/or 
displayed on the video monitor. For example, a 
Word document is displayed on the screen of 
the video monitor. 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 



Infringing products include Windows Media 
Player, Windows Media Rights Manager SDK



19. A method comprising:



a) receiving a digital file at a first device;



WMRM SDK, Step 3.



b) establishing communication between said 
first device and a clearinghouse located at 
a location remote from said first device; 



WMRM SDK, Step 6.



c) said first device obtaining authorization 
information including a key from said 
clearinghouse;



WMRM SDK, Step 9. [License contains the 
key] 



d) said first device using said authorization 
information to gain access to or make at 
least one use of said first digital file, 
including using said key to decrypt at least 
a portion of said first digital file; and



WMRM SDK, Step 11. 



e) receiving a first control from said 
clearinghouse at said first device;



WMRM SDK, Steps 8-9. 



f) storing said first digital file in a memory 
of said first device;



WMRM SDK, Step 3. 



g) using said first control to determine 
whether said first digital file may be 
copied and stored on a second device; 



At least the following WMRMRights Object 
properties meet this limitation: 
AllowTransferToNonSDMI,
AllowTransferToSDMI (or AllowTransfer To 
WM-D-DRM-Compliant Device or other) and 
TransferCount 



i) if said first control allows at least a portion 
of said first digital file to be copied and 
stored on a second device,



copying at least a portion of said first 
digital file; 



This and all subsequent claim steps occur when 
the condition specified in the WMRMRights 
Object property is met 



) 



Transfer to the SDMI or non-SDMI (or WM- 
D-DRM Compliant) portable device, if 
allowed by Windows Media Rights Manager



) transferring at least a portion of said first 
digital file to a second device including a 
memory and an audio and/or video output; 



Portable device necessarily includes at least a 
memory and audio output 



:) storing said first digital file portion in said 
memory of said second device; and 



Music file is stored in the portable device 



) rendering said first digital file portion 
through said output. 



Portable device plays the music 
INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP.



INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,253,193 



51. A method comprising: 



Infringing products include Windows Media 
Player, Windows Media Player, Windows 
Media Rights Manager SDK 



a) receiving a digital file at a first 
device;



WMRM SDK, Step 3. 



b) establishing communication 
between said first device and a
clearinghouse located at a location
remote from said first device;



WMRM SDK, Step 6. 



c) said first device obtaining 
authorization information from said
clearinghouse; and



WMRM SDK, Step 9.



d) said first device using said 
authorization information to gain access
to or make at least one use of said first
digital file;



WMRM SDK, Step 11. 



e) storing said first digital file in a 
memory of said first device;



WMA file stored on client 



f) using at least a first control to 
determine whether said first digital file
may be copied and stored on a second
device, said determination based at least
in part on (1) identification information
regarding said second device, and (2)
the functional attributes of said second
device;



If device is based on WM D-DRM, it has a 
certificate that is used to identify the device as 
compliant as well as the device's security 
level. The security level indicates support on 
the device for such attributes as an internal 
clock. 



g) if, based at least in part on said 
identification information, said first
control allows at least a portion of said
first digital file to be copied and stored
on a second device,



If License specifies that transfer of protected 
WMA file to WM-D-DRM-Compliant device 
is allowed, transfer may occur. 



h) copying at least a portion of said 
first digital file;



If transfer is a licensed right as indicated in 
the license, the song is copied to the device via 
Windows Media Device Manager. 



) transferring at least a portion of said 
first digital file to a second device
including a memory and an audio
and/or video output;



Windows Media Device Manager transfers the 
content to the device; 



) storing said first digital file portion 
in said memory of said second device;
and



WMA file is stored on device 



c) rendering said first digital file 
portion through said output.



WMA file is rendered. 
33.



Infringing products include all Microsoft 
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 



A data processing arrangement comprising
at least one storing arrangement that at
least temporarily stores a first secure
container comprising first protected data
and a first set of rules governing use of said
first protected data,



The first protected data is an ActiveX 
control. 

The first alternative for the first secure 
container is the signed .msi in which the 
ActiveX developer packaged the ActiveX 
control. The first set of rules is the 
conditional syntax statements of the Signed 
.msi file. 



The second alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first set of rules is 
the license support code in the ActiveX 
control. 

A third alternative for the first container is 
a signed cabinet file containing a (signed or 
unsigned) ActiveX control with license 
support code. The first set of rules is the 
license support code in the ActiveX 
control. 



and at least temporarily stores a second
secure container comprising second
protected data different from said first
protected data and a second set of rules
governing use of said second protected
data; and



The second protected data is the application 
developer's application that includes/uses 
the ActiveX control. The application 
developer's signed .msi file (second secure 
container) contains the application (second 
protected data). The second set of rules is 
the signed .msi file's conditional syntax 
statements that will govern the
offer/installation of the application. 



a data transfer arrangement, coupled to at
least one storing arrangement, for
transferring at least a portion of said first
protected data and a third set of rules
governing use of said portion of said first
protected data to said second secure
container,



Placing the licensed ActiveX control (first 
protected information) in a signed cabinet 
file (third secure container) that itself is 
included in the application's signed .msi 
file (second secure container). The third 
set of rules is the license support code in 
the ActiveX control. 



further comprising



means for creating and storing, in said at 
least one storing arrangement, a third 
secure container;



The ability of the application developer to 
package files in signed cabinet files. 
said data transfer arrangement further
comprising means for transferring said 
portion of said first protected data and 
said third set of rules to said third secure 
container, and means for incorporating 
said third secure container within said 
second secure container;



The third secure container is a cabinet file 
signed by the application developer and 
including at least the licensed ActiveX 
control (first protected information). The
licensing support code in the ActiveX 
control when its developer added licensing 
support to the ActiveX control is the third 
set of rules.



34. A data processing arrangement as in 
claim 33 further comprising means for 
applying said third set of rules to govern at 
least one aspect of use of said portion of 
said first protected data. 



Before an ActiveX control will create a 
copy of itself, the calling application has to 
pass a license key to the ActiveX control. 
The license support code in the ActiveX 
control (third rule set) evaluates the 
authenticity of the calling application's
request. 



35. A data processing arrangement as in 
claim 34 further comprising means for 
applying said second set of rules to govern 
at least one aspect of use of said portion of 
said first protected data. 



Windows Installer operating system service 
enforces the conditional syntax statements 
of the application's signed .msi file. These 
statements govern the offer/installation of 
the ActiveX control. 
Infringing products include all Microsoft
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 



A method comprising performing the 
following steps within a virtual distribution 
environment comprising one or more 
electronic appliances and a first secure 
container, said first secure container 
comprising (a) a first control set, and 

(b) a second secure container comprising a 
second control set and first protected 
information: 



The signed .msi file created by the ActiveX 
control developer is the first secure
container. The conditional syntax 
statement(s) of the ActiveX control 
developer's signed .msi file is/are the first 
control set. 

The first protected information is the 
ActiveX control. 

The first alternative for the second secure 
container is the signed and licensed 
ActiveX control. The second control set is 
the license support code in the ActiveX 
control. 

The second alternative for the second 
secure container is a signed cabinet file 
containing the (signed or unsigned) 
ActiveX control. The second control set is 
the license support code in the ActiveX 
control. 



using at least one control from said first
control set or said second control set to 
govern at least one aspect of use of said 
first protected information while said first 
protected information is contained within 
said first secure container; 



The ActiveX control developer's 
conditional syntax statements (first control 
set) in the ActiveX developer's signed .msi 
file govern the offer/installation of the 
ActiveX control while it is in its signed 
.msi file. 

Alternately, the license support code 
(second control set) in the ActiveX control 
governs use of the licensed ActiveX 
control.



creating a third secure container
comprising a third control set for governing
at least one aspect of use of protected
information contained within said third
secure container;



The third secure container is a signed .msi 
file. The application developer packages 
its application in a signed .msi file (third 
secure container) and includes conditional 
syntax statements (third control set) in the 
signed .msi 



incorporating a first portion of said first
protected information in said third secure
container, said first portion made up of
some or all of said first protected
information; and



Placing the ActiveX control into the 
application developer's signed .msi file 
(third secure container). 



using at least one control to govern at least



The application developer's conditional 
one aspect of use of said first portion of
said first protected information while said 
first portion is contained within said third 
secure container. 


syntax statement(s) in its signed .msi file 
govern the offer/installation of the ActiveX
control while it is in the signed .msi file 
(third secure container). 




42. A method as in claim 41, in which said
first secure container further includes a 
fourth secure container comprising a fourth 
control set and second protected 
information and further comprising the 
following step: 


The second protected information is a 
second ActiveX control. 

The first alternative for the fourth secure 
container is the signed and licensed second 
ActiveX control. The fourth control set is 
the license support code in the ActiveX 
control. 

The second alternative for the fourth secure 
container is a signed cabinet file containing 
the (signed or unsigned) second ActiveX 
control. The fourth control set is the 

license support code in the ActiveX
control.


using at least one control from said first 
control set or said fourth control set to 
govern at least one aspect of use of said 
second protected information while said 
second protected information is contained 
within said first secure container. 


The ActiveX control developer's 
conditional syntax statements (first control 
set) in the ActiveX developer's signed .msi 
file govern the offer/installation of the 
second ActiveX control while it is in its 
signed .msi file. 

Alternately, the license support code 
(second control set) in the ActiveX control 
governs use of the licensed ActiveX 
control. 




47. A method as in claim 41, in which said 
step of creating a third secure container 
includes: 




creating said third control set by 
incorporating at least one control not found 
in said first control set or said second 
control set. 


The application developer's conditional 
syntax statements are not found in either 
the first control set or the second control 
set. 




52. A method as in claim 41 in which said 
step of creating a third secure container 
occurs at a first site, and further 
comprising: 




copying or transferring said third secure 
container from said first site to a second
site located remotely from said first site. 


The application developer at first site 
distributes its application to other sites. 




53. A method as in claim 52 in which said
first site is associated with a content 
distributor. 


The application developer at the first site is 
the content distributor. 




54. A method as in claim 53 in which said 
second site is associated with a user of 


The application developer distributes the 
application to end-users. 


content



55. A method as in claim 54 further 
comprising the following step: 



said user directly or indirectly initiating 
communication with said first site. 



For Internet downloads, the user initiates 
the communication with the first site. 



64. A method as in claim 54 in which said 
third control set includes one or more 
controls at least in part governing the use 
by said user of at least a portion of said 
first portion of said first protected 
information. 



The application developer's conditional 
syntax statements (third control set) govern 
the installation of the ActiveX control (first 
protected information). 



76. A method as in claim 41 in which said
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls 
contained in said third control set. 



The third secure container is the application 
developer's signed .msi file and the third 
control set is the conditional syntax 
statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the
template recommended in the "An
Installation Example" on MSDN. This
template .msi file contains several default
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 



78. A method as in claim 52 in which said 
creation of said third secure container
further comprises using a template which
specifies one or more of the controls
contained in said third control set.



The third secure container is the application 
developer's signed .msi file and the third 
control set is the conditional syntax 
statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the
template recommended in the "An
Installation Example" on MSDN. This
template .msi file contains several default
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 
81.



Infringing products include all Microsoft
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 



A data processing arrangement comprising: 
a first secure container comprising first
protected information and a first rule set 
governing use of said first protected 
information; 



The first alternative for the first secure 
container is the ActiveX control 
developer's signed .msi file containing a 
licensed ActiveX control (the first
protected information). The conditional 
syntax statements of the signed .msi file are 
the first rule set. 

The second alternative for the first secure 
container is the signed cabinet file 
containing the ActiveX control. The 
license support code in the ActiveX control 
is the first rule set. 

The third alternative for the first secure 
container is the licensed and signed 
ActiveX control governed by license 
support code in the ActiveX control. 



a second secure container comprising a 
second rule set; 



The second secure container is the signed 
.msi file in which the application developer
packages its application. The second rule
set is the conditional syntax statements of 
the application developer's signed .msi file. 



means for creating and storing a third 
secure container; and



The third container is a signed cabinet file 
containing at least the ActiveX control. 



means for copying or transferring at least a
portion of said first protected information
and a third rule set governing use of said
portion of said first protected information
to said second secure container, said means
for copying or transferring comprising:



Putting the licensed ActiveX control (first 
protected information) in a signed cabinet 
file (third secure container). The licensing
support code in the ActiveX control is the third
rule set. 



means for incorporating said third 
secure container within said second 
secure container. 



Packaging the signed cabinet file in the 
signed .msi file. 



82. A data processing arrangement as in 
claim 81 further comprising: 




means for applying at least one rule from
said third rule set to at least in part govern
at least one factor related to use of said
portion of said first protected information.


The third rule set ensures the user is 
licensed. 



83. A data processing arrangement as in 
claim 82 further comprising: 
means for applying at least one rule from
said second rule set to at least in part 
govern at least one factor related to use of 
said portion of said first protected 
information. 



The second rule set governs the 
offer/installation of first protected 
information. 
85.



Infringing products include all Microsoft 
tools that support the Microsoft ActiveX
licensing model, Visual Studio .NET, the 
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 



A method comprising the following steps: 



creating a first secure container comprising 
a first rule set and first protected 
information; 



The first protected information is the 
ActiveX control. 

The first alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first rule set is the
license support code in the ActiveX
control. 

The second alternative for the first secure 
container is a (signed or unsigned)
ActiveX control with license support 
contained within a signed cabinet file. The 
first rule set is the ActiveX license support 
code. 



storing said first secure container in a first 
memory; 



The first secure container is stored at the 
ActiveX control developer's location. 



creating a second secure container 
comprising a second rule set;



The second secure container is the 
application developer's signed .msi file. 
The conditional syntax statements of the 
signed .msi file are the second rule set.



storing said second secure container in a 
second memory;



The second secure container is stored at the 
application developer's location. 



copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said 
copying or transferring step comprising: 



The ActiveX control developer packages 
the control in a signed .msi file for 
distribution to the application developer's 
site. 



creating a third secure container 
comprising a third rule set; 



The third secure container is the ActiveX 
control developer's signed .msi file 
containing a licensed ActiveX control. The 
conditional syntax statements of the signed 
.msi file are the third rule set. 



copying said first portion of said 
first protected information; 



In preparation for using a msi authoring 
tool, such as Microsoft's Orca, copying the 
ActiveX control to a package staging area. 



transferring said copied first portion 
of said first protected information to 
said third secure container; and



Using msi authoring tool to import the 
control into the signed .msi file. 



copying or transferring said copied 
first portion of said first protected
information from said third secure
container to said second secure
container.



The application developer installs the 
ActiveX control, which involves removing 
it from the ActiveX developer's signed 
.msi file and installing it into its
environment. Subsequently, the
application developer places the ActiveX
control into its signed .msi file when it is 
packaging its application. 



87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said
first protected information.



The entire ActiveX control is copied. 



89. A method as in claim 85 in which 



said first memory is located at a first site, 



The first memory is located at the ActiveX 
control developer's site. 



said second memory is located at a second 
site remote from said first site, and 



The second memory is located at the 
application developer's site.



said step of copying or transferring said 
first portion of said first protected 
information to said second secure container 
further comprises copying or transferring 
said third secure container from said first 
site to said second site. 



The ActiveX control developer's signed 
.msi file is transferred from its site to the 
site of the application developer. 
85. (alternate infringing scenario)



A method comprising the following steps: 
creating a first secure container comprising 
a first rule set and first protected 
information; 



storing said first secure container in a first 
memory; 



creating a second secure container 
comprising a second rule set; 



storing said second secure container in a 
second memory; 



Infringing products include all Microsoft 
tools that support the Microsoft ActiveX 
licensing model, Visual Studio .NET, the
Microsoft Installer SDK, and Operating 
System products that include the Microsoft 
Installer technology. 



The first protected information is the 
ActiveX control. 

The first alternative for the first secure 
container is the signed and licensed 
ActiveX control. The first rule set is the 
license support code in the ActiveX
control. 

The second alternative for the first secure 
container is a (signed or unsigned) ActiveX 
control with license support contained 
within a signed cabinet file. The first rule 
set would remain the ActiveX license 
support code. 

The third alternative for the first secure 
container is a signed msi file in which the 
ActiveX control developer packaged its 
ActiveX control. The first rule set is the 
conditional syntax statement(s) of the 
signed msi file. 



The first secure container is stored at the 
ActiveX control developer's location. 



The second secure container is the 
application developer's signed .msi file. 
The conditional syntax statements of the 
signed .msi file are the second rule set. 



The second secure container is stored at the 
application developer's location. 



copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said
copying or transferring step comprising: 



The ActiveX control is placed in a cabinet 
file signed by the application developer and 
the signed cabinet file is placed in a .msi 
file signed by the application developer. 



creating a third secure container 
comprising a third rule set; 



The third secure container is signed cabinet 
file in which the application developer 
placed licensed ActiveX. The third rule set 
is the license support code in the ActiveX 
control. 



copying said first portion of said
first protected information; 



Copying ActiveX control.



transferring said copied first portion 
of said first protected information to 



Transferring ActiveX control to signed 
cabinet file.
said third secure container; and



copying or transferring said copied 
first portion of said first protected 
information from said third secure 
container to said second secure 
container. 



The application developer places the signed 
cabinet file into its signed .msi file when it 
is packaging its application. 



87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
first protected information. 



The entire ActiveX control is copied. 



93. A method as in claim 85 in which 



said step of copying transferring said 
copied first portion of said first protected 
information from said third secure 
container to said second secure container 
further comprises storing said third secure 
container in said second secure container. 



The ActiveX control is placed in a cabinet 
file signed by the application developer and
the signed cabinet file is placed in a .msi 
file signed by the application developer. 
1.



Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and
products that include the Microsoft .NET
CLR, and the Microsoft Installer
technology. 



A method of operating on a first secure 
container arrangement having a first set of 
controls associated therewith, said first 
secure container arrangement at least in 
part comprising a first protected content 
file, said method comprising the following 
steps performed within a virtual 
distribution environment including at least 
one electronic appliance: 



The first protected content is a signed and 
licensed .NET component used by the
.NET assembly. The .NET assembly is 
distributed with a signed and governed .msi 
file. The second protected content is 
another signed and licensed .NET 
component that is used by the .NET 
assembly. 



using at least one control associated with 
said first secure container arrangement for 
governing, at least in part, at least one 
aspect of use of said first protected content 
file while said first protected content file is 
contained in said first secure container 
arrangement; 



The first protected content is signed and 
licensed .NET component (first secure 
container) contained within the .NET 
assembly. The one control is a declarative 
statement(s) within the assembly's header. 



creating a second secure container 
arrangement having a second set of 
controls associated therewith, said second 
set of controls governing, at least in part, at
least one aspect of use of any protected
content file contained within said second 
secure container arrangement; 



The protected content is the same as the 
first protected content plus the additional 
implementation information included in the 
signed .msi file. The second secure 
container is the signed .msi file created for 
the .NET assembly. The signed .msi file's 
conditional syntax statements are the 
second set of controls that control the 
offer/installation of the .NET assembly. 



transferring at least a portion of said first 
protected content file to said second secure
container arrangement, said portion made
up of at least some of said first protected
content file; and



The entire .NET assembly is included in 
the signed .msi file. 

Packaging the .NET assembly in the signed 
.msi file involves the following process 
steps. In preparation for using a msi 
authoring tool, such as Microsoft's Orca, 
copying the .NET component to a package 
staging area. Using msi authoring tool to 
import the .NET component into the signed 
.msi file. 



using at least one rule to govern at least one
aspect of use of said first protected content
file portion while said portion is contained
within said second secure container
arrangement;



The conditional syntax statement(s) of the 
signed .msi file (second secure container) 
control(s) the offer/installation of the .NET 
assembly. 



in which



said first secure container arrangement
comprises a third secure container 



The first alternative for the third secure 
container is a licensed and signed .NET 






arrangement comprising a third set of 
controls and said first protected content 
file, and 



component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute (third set of 
controls). 

The second alternative for the third secure
container is a .NET component whose hash 
is included in the header of the .NET 
assembly. The set of declarative 
statements comprising the 
LicenseProviderAttribute is the third set of 
controls.



said first secure container arrangement 
further comprises a fourth secure container
arrangement comprising a fourth set of 
controls and a second protected content 
file. 



The first alternative for the fourth secure 
container is another licensed and signed 
.NET component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute (fourth set of 
controls). 

The second alternative for the fourth secure 
container is the container created when the 
hash of the .NET component is included in 
the header information of the .NET 
assembly. The set of declarative 
statements comprising the 
LicenseProviderAttribute is the fourth set 
of controls. 
33.



Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. 



A data processing arrangement comprising
at least one storing arrangement that at
least temporarily stores a first secure
container comprising first protected data
and a first set of rules governing use of said
first protected data,



and at least temporarily stores a second
secure container comprising second
protected data different from said first
protected data and a second set of rules
governing use of said second protected
data; and



The first protected information is the .NET 
component. 

The first alternate for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its .NET component. The first set of rules 
is the conditional syntax statements of the
signed .msi file. 

The second alternative for the first secure 
container is a licensed and signed .NET 
component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute of the .NET 
component (first set of controls). 

The third alternative for the first container 
is a signed cabinet file containing a (signed 
or unsigned) .NET component with license 
support. The first set of controls is the set 
of declarative statements comprising the 
LicenseProviderAttribute of the .NET 
component. 

The second protected data is the .NET 
assembly developer's assembly that 
includes/uses the .NET component. 

The first alternative for the second secure 
container is a signed .msi file in which the 
.NET assembly developer packaged its
multi-file assembly (second protected 
data). The second set of rules is the 
conditional syntax statements of the signed 
.msi file that governs the offer/installation 
of the .NET assembly. 

The second alternative for the second 
secure container is a signed .NET 
assembly. The second set of rules is the 
declarative rules within the assembly's 
header.



a data transfer arrangement, coupled to at
least one storing arrangement, for



The third secure container is a signed .NET 
assembly governed by declarative rules in 
transferring at least a portion of said first
protected data and a third set of rules 
governing use of said portion of said first 
protected data to said second secure 
container, 



its header (third set of rules). An 
alternative third rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute. The .NET 
assembly includes the .NET component.
The secure .NET assembly is included in a 
signed .msi file (second secure container). 

An alternative third secure container is the 
container created by hashing the .NET 
component and including the hash in the 
header information of a .NET assembly. 
The .NET component is included in the 
signed and governed .NET assembly 
(second secure container). The third set of 
rules is the set of declarative statements 
comprising the LicenseProviderAttribute. 

An alternative third secure container is a 
signed cabinet file containing the .NET 
component and which is destined for a 
signed .msi file (second secure container). 
The third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttribute. 



further comprising 



means for creating and storing, in said at 
least one storing arrangement, a third 
secure container; 



said data transfer arrangement further 
comprising means for transferring said 
portion of said first protected data and 
said third set of rules to said third secure 
container, and means for incorporating 
said third secure container within said 
second secure container. 



The first alternative for the third secure 
container is a signed .NET assembly. In 
this case, the second secure container is the 
signed .msi file. 

The second alternative for the third 
container is the container created by 
including a hash of the .NET component in 
the header information of a .NET assembly. 
In this case, the second secure container is 
either the signed .msi file or the signed 
.NET assembly. 

The third alternative for the third container 
is a cabinet file signed by the .NET 
assembly developer containing the .NET 
assembly and/or the .NET component. In 
this case the signed .msi file is the second 
secure container. 



The first alternative for the third secure 
container is the signed .NET assembly, 
which includes and/or uses the licensed 
.NET component (first protected
information). The third set of rules is a 
declarative rule within the .NET 
assembly's header. The .NET assembly is 
placed in a signed .msi file (second secure 
container). 
The second alternative for the third secure
container is the container that results when 
the hash of the .NET component is added 
to the .NET assembly header information. 
The third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttribute added to the 
assembly. 

The third alternative for the third secure 
container is a cabinet file signed by the 
.NET assembly developer containing the 
.NET assembly and/or the .NET 
component. The third set of rules is a
declarative rule(s) within the .NET 
assembly's header and/or the set of 
declarative statements comprising the 
LicenseProviderAttribute added to the 
assembly.



34. A data processing arrangement as in
claim 33 further comprising means for
applying said third set of rules to govern at
least one aspect of use of said portion of
said first protected data.



When the third rule set is the declarative 
statement(s) of the assembly header, the 
runtime CLR enforces the statements. 

When the third set of rules is the set of 
declarative statements comprising the 
LicenseProviderAttribute added to the 
assembly, the license support code in the 
.NET component evaluates the authenticity 
of the calling assembly's request. 



35. A data processing arrangement as in
claim 34 further comprising means for
applying said second set of rules to govern
at least one aspect of use of said portion of
said first protected data.



When the second set of rules is the 
conditional syntax statements of the signed 
.msi file, the Windows Installer operating
system service enforces the conditional
syntax statements of .NET assembly's
signed .msi file, which govern the 
offer/installation of the .NET component. 

When the second set of rules is the 
declarative statement(s) within the 
assembly's header, the runtime CLR 
enforces the statements. 
41.


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. 


A method comprising performing the 
following steps within a virtual distribution 
environment comprising one or more 
electronic appliances and a first secure 
container, said first secure container 
comprising (a) a first control set, and 

(b) a second secure container comprising a 
second control set and first protected 
information: 


The Signed .msi file created by the .NET 
component developer is the first secure 
container. The first conditional syntax 
statement(s) of the .NET component 
developer's signed .msi file is/are the first 
control set. 

The first protected information is the .NET 
component. 

The first alternative for the second secure 
container is the signed and licensed .NET 
component. The second control set is the 
set of declarative statements comprising the 
LicenseProviderAttribute. 

The second alternative for the second 
secure container is a signed cabinet file. 
The second control set remains the set of 
declarative statements comprising the 
LicenseProviderAttribute. 


using at least one control from said first 
control set or said second control set to 
govern at least one aspect of use of said 
first protected information while said first 
protected information is contained within 
said first secure container; 


The .NET component developer's 
conditional syntax statements (first control 
set) in its signed .msi file governs the 
offer/installation of the .NET component 
while it is in the signed .msi file.
Alternately, the set of declarative 
statements comprising the 
LicenseProviderAttribute (second control 
set) of the licensed .NET component 
governs use of the .NET component. 


creating a third secure container 
comprising a third control set for governing 
at least one aspect of use of protected 
information contained within said third 
secure container; 


The first alternative for the third secure 
container is a signed .NET assembly, the 
protected information is the .NET 
component and the third control set is the 
declarative statement(s) within the .NET 
assembly's header. 

The second alternative for the third secure 
container is a signed .msi file in which the 
.NET assembly developer packages its 



.NET assembly and the third control set is
the conditional syntax statement(s) in the
signed .msi file.

incorporating a first portion of said first
protected information in said third secure 
container, said first portion made up of 
some or all of said first protected 
information; and 


In the first alternative, placing the .NET 
component into the signed .NET assembly. 

In the second alternative, placing the .NET 
component into the .NET assembly
developer's signed msi file. 


using at least one control to govern at least
one aspect of use of said first portion of 
said first protected information while said 
first portion is contained within said third 
secure container. 


In the first alternative, the .NET assembly 
developer's declarative statement(s) within 
the .NET assembly's header govern(s) the 
use of the .NET component while it is in
the signed .NET assembly. 

In the second alternative, the conditional 
syntax statements of the .NET assembly 
developer's signed .msi file govern the 
offer/installation of the .NET component 
while it is in the signed .msi file. 




42. A method as in claim 41, in which said 
first secure container further includes a 
fourth secure container comprising a fourth 
control set and second protected 
information and further comprising the 
following step: 


The second protected information is a
second .NET component.

The first alternative for the fourth secure 
container is the signed and licensed second 
.NET component. The fourth control set is 
the set of declarative statements comprising 
the LicenseProviderAttribute of the second 
.NET component. 

The second alternative for the fourth secure 
container is a second signed cabinet file. 
The fourth control set is the set of 
declarative statements comprising the 
LicenseProviderAttribute. 


using at least one control from said first 
control set or said fourth control set to 
govern at least one aspect of use of said 
second protected information while said 
second protected information is contained 
within said first secure container. 


The .NET component developer's 
conditional syntax statements (first control
set) in its signed .msi file governs the 
offer/installation of the second .NET 
component while it is in the signed .msi 
file. 

Alternately, the set of declarative 
statements comprising the 
LicenseProviderAttribute (fourth control 
set) of the licensed second .NET 
component governs use of the second .NET 
component. 




47. A method as in claim 41, in which said 
step of creating a third secure container 
includes: 




creating said third control set by 
incorporating at least one control not found 
in said first control set or said second 
control set. 


The .NET assembly developer's declarative 
statements (first alternative for third control 
set) and/or the developer's conditional 
syntax statements (second alternative for 
the third control set) are not found in either 
the first control set or the second control
set. 



52. A method as in claim 41 in which said 
step of creating a third secure container 
occurs at a first site, and further
comprising: 






copying or transferring said third secure
container from said first site to a second 
site located remotely from said first site. 


The .NET assembly developer at first site
distributes its assembly to other sites. 








53. A method as in claim 52 in which said 
first site is associated with a content 
distributor.


The .NET assembly developer's business 
module is used to create and distribute its 

assembly. 






54. A method as in claim 53 in which said 
second site is associated with a user of 
content. 


The .NET assembly developer distributes
the assembly to end-users. 






55. A method as in claim 54 further 
comprising the following step: 






said user directly or indirectly initiating 
communication with said first site. 


For Internet downloads, the user initiates 
the communication with the first site. 




64. A method as in claim 54 in which said 
third control set includes one or more 
controls at least in part governing the use 
by said user of at least a portion of said 
first portion of said first protected 
information. 


When the third control set is the .NET 
assembly developer's declarative 
statement(s) within the .NET assembly's 
header, it governs the user's use of the 
.NET component (first protected 
information). 





When the third control set is the .NET 
assembly developer's conditional syntax 
statements of the .NET assembly 
developer's signed .msi file, it governs the 
user's offer acceptance/installation of the 
.NET component (first protected 
information).








76. A method as in claim 41 in which said 
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls 
contained in said third control set. 


When the third secure container is the 
.NET assembly developer's signed .msi file 
and the third control set is the conditional 
syntax statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the
template recommended in the "An
Installation Example" on MSDN. This
template msi file contains several default
conditional syntax statements. At least two 
of these conditional syntax statements 
directly govern the installation by blocking 
progress until the EULA is accepted. 
78. A method as in claim 52 in which said
creation of said third secure container 
further comprises using a template which 
specifies one or more of the controls 
contained in said third control set. 



When the third secure container is the 
.NET assembly developer's signed .msi file 
and the third control set is the conditional 
syntax statements in that file. 

Microsoft supplies several template .msi 
databases for use in authoring installation 
packages. The UISample.msi is the
template recommended in the "An
Installation Example" on MSDN. This
template msi file contains several default
conditional syntax statements. At least two
of these conditional syntax statements
directly govern the installation by blocking 
progress until the EULA is accepted. 
81.



A data processing arrangement comprising: 



a first secure container comprising first 
protected information and a first rule set 
governing use of said first protected 
information; 



Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. 



The first protected information is the .NET 
component. 

The first alternative for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its assembly. The first rule set is the 
conditional syntax statements written by 
the .NET component developer and placed 
into the signed .msi file. 

The second alternative for the first secure 
container is the signed cabinet file 
containing the (signed or unsigned) .NET 
component. The set of declarative 
statements comprising the 
LicenseProviderAttribute when its
developer added licensing support to the 
assembly is the first rule set. 

The third alternative for the first secure 
container is the licensed and signed .NET 
component governed by the set of 
declarative statements comprising the 
LicenseProviderAttribute (first rule set) 
added by the .NET component developer. 



a second secure container comprising a 
second rule set; 



The first alternative for the second secure 
container is the signed .msi file in which 
the .NET assembly developer packaged its 
.NET assembly. The second rule set is the 
conditional syntax statements written by 
the .NET assembly developer and placed 
into the signed .msi file. 

The second alternative for the second 
secure container is the signed .NET 
assembly. The second rule set is the 
declarative statements in the .NET 
assembly's header. 



means for creating and storing a third 
secure container; and 



When the second secure container is the 
signed msi file, the third secure container is 
the signed .NET assembly. 

When the second secure container is the 
signed .NET assembly, the third secure
container is a .NET component secured by
placing it in a signed cabinet file or by
including its hash in the header of the
assembly.


means for copying or transferring at least a
portion of said first protected information
and a third rule set governing use of said
portion of said first protected information 
to said second secure container, said means 
for copying or transferring comprising: 


When the second secure container is the 
signed msi file and the third secure
container is the signed .NET assembly, the
third rule set is the set of declarative
statements within the assembly's header. 

When the second secure container is the
signed .NET assembly, the third rule set is 
the set of declarative statements comprising 
the LicenseProviderAttribute (third rule 
set) added to the .NET component by its 
developer. 


means for incorporating said third
secure container within said second 
secure container. 


When the second secure container is the 
signed msi file and the third secure
container is the signed .NET assembly, the 
assembly is placed in the signed .msi file. 

When the second secure container is the 
signed .NET assembly and the third secure 
container is a .NET component contained 
in a signed cabinet file or a .NET 
component whose hash is included in the 
header of the assembly, the third secure 
container is incorporated within the .NET 
assembly. 




82. A data processing arrangement as in 
claim 81 further comprising: 




means for applying at least one rule from 
said third rule set to at least in part govern 
at least one factor related to use of said 
portion of said first protected information. 


When the third rule set is declarative 
statements within the assembly's header, it 
governs the use of the .NET assembly 
which includes the first protected 
information. 

When the third rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute added by the 
to the .NET component by its developer, it
ensures the user is licensed. 




83. A data processing arrangement as in 
claim 82 further comprising: 




means for applying at least one rule from 
said second rule set to at least in part 
govern at least one factor related to use of 
said portion of said first protected 
information. 


When the second rule set is the conditional 
syntax statements written by the .NET 
assembly developer and placed into the 
signed .msi file, it governs the 
offer/installation of the .NET component. 

When the second rule set is the declarative 
statements in the .NET assembly's header,
it governs the use of the .NET assembly,
which includes the first protected
information.
85. A method comprising the following
steps: 



Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. 



creating a first secure container comprising 
a first rule set and first protected 
information; 



The first protected information is the .NET 
component. 

The first secure container is a signed .NET 
component (first protected information) 
governed by the set of declarative 
statements comprising the 
LicenseProviderAttribute (first rule set). 

The second alternative for the first secure 
container is a cabinet file signed by the 
.NET component developer containing a 
(signed or unsigned) .NET component with 
license support. The first rule set is the set 
of declarative statements comprising the 
LicenseProviderAttribute. 



storing said first secure container in a first 
memory; 



The first secure container is stored at the 
.NET component developer's location. 



creating a second secure container 
comprising a second rule set; 



The first alternative for the second secure 
container is a signed .NET assembly and 
the second rule set is declarative 
statement(s) within the assembly's header. 

The second alternative for the second 
secure container is the signed .msi file in 
which the .NET assembly developer 
packages its (signed or unsigned) 
assembly. The second rule set is the 
conditional syntax statement(s) written by 
the .NET assembly developer and placed 
into the signed .msi file. 



storing said second secure container in a
second memory;



The second secure container is stored at the 
.NET assembly developer's location.



copying or transferring at least a first 
portion of said first protected information
to said second secure container, said
copying or transferring step comprising: 



The .NET component developer packages 
its module in a signed .msi file for 
distribution to the .NET assembly 
developer's site. 



creating a third secure container
comprising a third rule set; 



The third secure container is the signed 
.msi file in which the .NET component
developer packaged its .NET component. 
The third control set is the conditional 
syntax statements written by the .NET 
component developer and placed into the 
signed .msi file. 



copying said first portion of said 



In preparation for using a msi authoring 
first protected information;



transferring said copied first portion 
of said first protected information to 
said third secure container; and 



copying or transferring said copied 
first portion of said first protected 
information from said third secure 
container to said second secure 
container. 



tool, such as Microsoft's Orca, copying the 
.NET component to a package staging area. 



Using the msi authoring tool to import the
.NET component into the signed .msi file.



The .NET assembly developer installs the
.NET component, which involves 
removing it from the .NET component 
developer's signed .msi file and installing it 
into its environment. Subsequently, the 
.NET assembly developer places the .NET 
component into its .NET assembly and/or
signed .msi file when it is packaging its
.NET assembly. 



87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
first protected information. 



The entire .NET component is copied. 



89. A method as in claim 85 in which 



said first memory is located at a first site, 



said second memory is located at a second
site remote from said first site, and 



said step of copying or transferring said 
first portion of said first protected 
information to said second secure container 
further comprises copying or transferring 
said third secure container from said first 
site to said second site.



The first memory is located at the .NET 
component developer's site. 



The second memory is located at the .NET 
assembly developer's site. 



The .NET component developer's signed 
.msi file is transferred from its site to the 
site of the .NET assembly developer. 



94. A method as in claim 85 further 
comprising: 



creating a fourth rule set. 



When the second secure container is not a 
signed .NET assembly, the fourth rule set is 
declarative statements within the 
assembly's header. 

When the second secure container is not 
the signed .msi file in which the .NET 
assembly developer packages its (signed or 
unsigned) assembly, the fourth rule set is 
the conditional syntax statements written 
by the .NET assembly developer and 
placed into the signed .msi file. 
85 (alternate infringing scenario)




A method comprising the following steps: 


Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology. 


creating a first secure container comprising 
a first rule set and first protected 
information; 


The first protected information is the .NET 
component. 

The first alternative for the first secure 
container is the signed and licensed .NET 
component. The first rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute in the .NET 
component. 

The second alternative for the first secure 
container is a (signed or unsigned) .NET 
component with license support contained 
within a cabinet file signed by the .NET 
component developer. The first rule set is 
the set of declarative statements comprising 
the LicenseProviderAttribute in the .NET 
component. 

The third alternative for the first secure 
container is the signed .msi file in which 
the .NET component developer packaged 
its assembly. The first rule set is the 
conditional syntax statements written by 
the .NET component developer and placed 
into the signed .msi file. 


storing said first secure container in a first 
memory; 


The first secure container is stored at the 
.NET component developer's location. 


creating a second secure container 
comprising a second rule set; 


The first alternative for the second secure 
container is a signed .NET assembly and 
the second rule set is declarative 
statement(s) within the assembly's header.

The second alternative for the second 
secure container is the signed .msi file in 
which the .NET assembly developer 
packages its (signed or unsigned) 
assembly. The second rule set is the 
conditional syntax statement(s) written by 
the .NET assembly developer and placed 
into the signed .msi file.


storing said second secure container in a 
second memory; 


The second secure container is stored at the 
.NET assembly developer's location.


copying or transferring at least a first
portion of said first protected information
to said second secure container, said
copying or transferring step comprising:


The .NET assembly developer places the
.NET component into the third secure
container, which is either a signed cabinet
file or a signed .NET assembly.


creating a third secure container 
comprising a third rule set; 


When the second secure container is the 
signed .msi file, the third secure container
is the signed .NET assembly. The third
rule set is the declarative statement(s) in
the .NET assembly's header.

When the second secure container is either 
a .NET assembly or the signed .msi file, the 
third secure container is a signed cabinet 
file in which the .NET assembly developer 
placed licensed .NET component. The 
third rule set is the set of declarative 
statements comprising the 
LicenseProviderAttribute in the .NET 
component. 


copying said first portion of said 
first protected information; 


Copying the .NET component to either the 
.NET assembly or to the signed cabinet 
file. 


transferring said copied first portion 
of said first protected information to 
said third secure container; and 


Transferring the .NET component to either 
the .NET assembly or the signed cabinet 
file. 


copying or transferring said copied 
first portion of said first protected 
information from said third secure 
container to said second secure 
container. 


When the second secure container is the 
signed .msi file and the third secure 
container is the signed .NET assembly, the 
.NET assembly is placed into the signed 
.msi file. 

When the second secure container is either 
the .NET assembly or the signed .msi file
and the third secure container is the signed 
cabinet file, the signed cabinet file is placed 
into either the .NET assembly or the signed 
.msi file. 




87. A method as in claim 85 in which said 
copied first portion of said first protected 
information consists of the entirety of said 
first protected information.


The entire .NET component is copied. 




93. A method as in claim 85 in which 




said step of copying transferring said 
copied first portion of said first protected 
information from said third secure 
container to said second secure container 
further comprises storing said third secure 
container in said second secure container. 


When the third secure container is the 
signed .NET assembly, it is placed in the 
signed .msi file. 

When the third secure container is a signed 
cabinet file, it can be placed in either the 
.NET assembly and/or the signed .msi file. 




94. A method as in claim 85 further
comprising: 




creating a fourth rule set. 


When the second rule set is declarative
statement(s) within the assembly's header,
the fourth rule set is the conditional syntax
statement(s) written by the .NET assembly
developer and placed into the signed .msi
file.

When the second rule set is the conditional 
syntax statement(s) written by the .NET 
assembly developer and placed into the 
signed .msi file, the fourth rule set is 
declarative statement(s) within the 
assembly's header or the set of declarative 
statements comprising the 
LicenseProviderAttribute in the .NET 
component.



'5. A method as in claim 94 further 
comprising:



using said fourth rule set to govern at least
one aspect of use of said copied first
portion of said first protected information.



If the fourth rule set is the .NET assembly 
developer's declarative statement(s) within 
the .NET assembly's header, it governs the 
use of the .NET component. 

If the fourth rule set is the conditional 
syntax statements of the .NET assembly 
developer's signed .msi file, it governs the 
offer/installation of the .NET component.
85 (second alternate scenario for .NET)






A method comprising the following steps: 



creating a first secure container comprising 
a first rule set and first protected 
information; 



Infringing products include the .NET 
Framework SDK, Microsoft Visual Studio 
.NET, the Microsoft Installer SDK, and 
products that include the Microsoft .NET 
CLR, and the Microsoft Installer 
technology.



storing said first secure container in a first 
memory;



creating a second secure container 
comprising a second rule set; 



storing said second secure container in a 
second memory;



copying or transferring at least a first 
portion of said first protected information 
to said second secure container, said 
copying or transferring step comprising: 



The first protected information is a .NET 
component. 

The first alternative for the first secure 
container is the signed and licensed .NET 
component. The first rule set is the set of 
declarative statements comprising the 
LicenseProviderAttribute in the .NET 
component. 

The second alternative for the first secure 
container is a (signed or unsigned) .NET 
component with license support contained 
within a cabinet file signed by the .NET 
assembly developer. The first rule set is 
the set of declarative statements comprising 
the LicenseProviderAttribute in the .NET 
component. 

The third alternative for the first secure 
container is a .NET component whose hash 
is included in the assembly header of a 
.NET assembly. The first rule set is the set 
of declarative statements comprising the 
LicenseProviderAttribute in the .NET 
component. 



The first secure container is stored at the 
.NET assembly developer's location.



The second secure container is the signed 
.msi file in which the .NET assembly 
developer packages its signed assembly. 
The second rule set is the conditional 
syntax statement(s) written by the .NET 
assembly developer and placed into the 
signed .msi file. 



The second secure container is stored at the 
.NET assembly developer's location. 



creating a third secure container 
comprising a third rule set;



The .NET assembly developer places the 
.NET component into the third secure 
container, which is the signed .NET 
assembly.



The third secure container is a signed .NET 
assembly and the third rule set is
declarative statement(s) within the
assembly's header. 



copying said first portion of said 
first protected information;



Copying the .NET component to the .NET 
assembly. 



transferring said copied first portion 
of said first protected information to 
said third secure container; and 



Transferring the .NET component to the 
.NET assembly. 



copying or transferring said copied 
first portion of said first protected 
information from said third secure 
container to said second secure 
container. 



When the second secure container is the 
signed .msi file and the third secure 
container is the signed .NET assembly, the 
.NET assembly is placed into the signed 
.msi file. 



87. A method as in claim 85 in which said
copied first portion of said first protected
information consists of the entirety of said
first protected information.



The entire .NET component is copied. 



X). A method as in claim 85 in which 



said first memory and said second memory
are located at the same site.



First and second memory is at the .NET
assembly developer's location.



93. A method as in claim 85 in which



said step of copying transferring said
copied first portion of said first protected
information from said third secure
container to said second secure container
further comprises storing said third secure
container in said second secure container.



When the third secure container is the 
signed .NET assembly, it is placed in the 
signed .msi file.
96. A method comprising performing the
following steps within a virtual distribution 
environment comprising one or more 
electronic appliances and a first secure 
container, said first secure container 
comprising a first control set and first 
protected information: 



A signed and licensed .NET component 
(first container) is part of a .NET assembly 
(second container), which is packaged in a 
signed .msi file (third container). 



using at least one control from said first 
control set to govern at least one aspect of 
use of said first protected information 
while said first protected information is 
contained within said first secure container;



The first secure container is a licensed and 
signed .NET component governed by the 
set of declarative statements comprising the 
LicenseProviderAttribute (one control). 



creating a second secure container
comprising a second control set for
governing at least one aspect of use of 
protected information contained within said 
second secure container; 



The second secure container is a .NET 
assembly, the protected information is the 
assembly and the second control set is
declarative statement(s) within the 
assembly's header. 



incorporating a first portion of said first
protected information in said second secure
container, said first portion made up of
some or all of said first protected
information;



Included in the .NET assembly is the .NET 
component. 



using at least one control to govern at least
one aspect of use of said first portion of
said first protected information while said
first portion is contained within said second
secure container; and



The declarative statement(s) govern the use 
of the .NET component and the custom 
LicenseProvider class (first control set) 
controls the .NET component. 



incorporating said second secure container
containing said first portion of said first
protected information within a third secure
container comprising a third control set.



The third secure container is the signed 
.msi file in which the .NET assembly 
developer packages its assembly. The third 
control set is the conditional syntax 
statements written by the assembly 
developer and placed into the signed .msi 
file.
Infringement is based on Microsoft's Visual Studio
.NET and/or the .NET Framework licensing tools (in
the .NET Framework SDK) and/or Microsoft Installer
SDK.



A system for supporting electronic
commerce including:



means for creating a first secure control
set at a first location;



The first location is a .NET component developer's 
site.
The first secure control set is the set of declarative
statements comprising the LicenseProviderAttribute of
a first .NET licensed component that provides for a
design-time license to use the control. This attribute
also specifies the type of license validation that occurs.
The component is encapsulated in a signed .NET
assembly.



means for creating a second secure
control set at a second location;



The second location is the .NET application 
developer's site where a .NET application comprising 
one or more assemblies is created. 

The second secure control set comprises the 
declarative statement(s) (including licensing 
statements, and code access security statements) of a 
signed .NET assembly using or calling the first .NET 
component. The control set can include a set of 
security permissions demanded by the .NET assembly 
containing the licensed component, whereby the 
permissions are demanded of components that call the 
application components. The control set can also be 
extended by controls expressed as conditional syntax 
statements in a signed .msi file containing a click 
through end-user license (the end-user license
scenario). 



means for securely communicating said
first secure control set from said first
location to said second location; and



The first .NET control set is securely communicated 
from the first location developer to the .NET solution 
provider by either being contained in a signed 
assembly, within a signed cabinet file or within a 
signed .msi file. 



means at said second location for
securely integrating said first and
second control sets to produce at least a
third control set comprising plural
elements together comprising an
electronic value chain extended
agreement.



At the second location, the solution developer uses the 
.NET runtime that includes the LicenseManager. 

Whenever a class (control or component) is 
instantiated (here, an instance of the first .NET 
licensed component), the license manager accesses the 
proper validation mechanism for the control or 
component. A value chain is created through the
creation of a run-time license for use of the first .NET 
component in the context of use of the .NET 
application developed at the second location. The
license controls for the runtime license (derived from
the design time license) are bound into the header of 
the .NET application assembly, along with the second 
control set. 

The creation of runtime license controls is securely 
handled by Visual Studio.NET or the LC tool. 
Runtime licenses are embedded into (and bound to) 
the executing assembly. The license control attribute 
included in the first .NET component is customized in 
the second location to express and require the runtime 
license. In a different scenario, the LC tool is used to 
create a ".licenses file" containing licenses for 
multiple components, including runtime licenses for 
components and classes created by the license
provider. This .licenses file is embedded into the 
assembly. 

The third control set is an extended value chain 
agreement that comprises the runtime license controls
for the first .NET licensed class (that had been bound 
to the assembly), the declarative controls provided by 
the solution provider in the solution provider's 
assembly, and any runtime licenses for other 
components included by the solution provider in the 
solution provider's assembly, and any end user license 
agreement provided by the application provider. The 
controls are typically integrated into the header of the 
.NET application assembly calling the first .NET 
licensed component. 

A further "end user licensing scenario" occurs when, 
at the second location, the application developer 
packages the application into a signed .msi file that 
includes conditional syntax statement controls that 
require that a user read and agree to an end user 
license agreement for the application and the 
embedded first component. The third control set 
includes a plurality of elements that include the run- 
time licenses mentioned above, security permissions 
controls, EULA controls (a fourth control set), all 
securely bound into the signed .msi file. 



11. A system as in claim 2 in which said
first location and said second location are
contained within a Virtual Distribution
Environment. 



The Microsoft .NET Framework provides a 
Virtual Distribution Environment. Here the 
nodes are the Common Language Runtime 
instances that interpret the controls 
contained within .NET assemblies (among 
other functions). 



29. A system as in claim 2 in which said
first secure control set includes required
terms.


The licensing control in the first control set
specifies the method required to validate
the license.




32. A system as in claim 2 in which said 
second secure control set includes required 
terms. 


The security permissions demanded (as 
described above) are required terms for 
execution of the application code elements. 


60. A system as in claim 2 in which said
means for securely integrating said first and 
second control sets includes a fourth 
control set. 


In the scenario where the application 
assembly is distributed using a signed .msi 
file, the secure integration of the first and 
second control sets is enhanced by the 
tamper protection afforded by the signed 
.msi file. In the end user license scenario, a 
fourth control set consisting of conditional 
syntax statements is included in the .msi 
file. 




130. A system as in claim 2 further 
including means for executing said third 
control set within a protected processing 
environment. 


The third control set is executed under the 
auspices of the CLR 




132. A system as in claim 130 in which
said protected processing environment is 
located at a location other than said second 
location. 


The third control set is executed at an end- 
user site within the CLR. 


161. A system as in claim 2 in which said
third control set includes controls 
containing human-language terms 
corresponding to at least certain of the 
machine-executable controls contained in 
said third control set. 


In the end user license scenario, the third 
control set includes a fourth control set that 
requires that the human user agree with 
license terms displayed to the user. These 
human readable terms are referenced in the 
conditional syntax statement controls 
contained in the signed .msi file.




162. A method as in claim 161 in which 
said human-language terms are contained 
in one or more data descriptor data 
structures. 


The .msi file is a data descriptor data 
structure. 


170. A system as in claim 2 in which said
means for creating a first secure control set
includes a protected processing 
environment. 


The creation of the first licensed 
component, including its licensed controls 
is carried out under the auspices of the 
CLR. 






171. A system as in claim 2 in which said
means for creating a second secure control 
set includes a protected processing 
environment. 


The application design time environment 
and the creation of the .NET application is 
carried out under the auspices of the CLR. 


172. A system as in claim 2 in which said
means at said second location for securely 
integrating includes a protected processing 
environment. 


The means for integrating the runtime 
license with the application controls is 
carried out under the auspices of the CLR. 






329. A system as in claim 2 in which said
means for creating a first secure control set
includes an operating system based on or
compatible with Microsoft Windows.


VS.NET runs under Windows.



330. A system as in claim 2 in which said 
means for creating a second secure control 
set includes an operating system based on 
or compatible with Microsoft Windows. 



VS.NET runs under Windows.
331. A system as in claim 2 in which said
means at said second location for securely
integrating said first and second control
sets includes an operating system based on
or compatible with Microsoft Windows.



VS.NET runs under Windows. 



346. A system as in claim 2 further 
comprising means by which said third 
control set governs the execution of at least
one load module. 



The third control set in the scenario 
described in the claim map for claim 2 
governs a portable .NET executable 
designed to be loaded into the CLR
environment (a CLR host).
347. A system as in claim 2 further
comprising means by which said third
control set governs the execution of at least
one method.



The third control set in the scenario 
described in the claim map for claim 2 
governs a .NET executable. This 
executable contains one or more methods. 



349. A system as in claim 2 further 
comprising means by which said third 
control set governs the execution of at least 
one procedure. 



The third control set in the scenario 
described in the claim map for claim 2 
governs a .NET executable. This 
executable contains one or more 
procedures.
CLAIM LANGUAGE



CLAIM OF INFRINGEMENT



18. 



Infringing products include Microsoft SMS 
(Systems Management Server) 2.0 and 
subsequent versions.



A method for narrowcasting selected
digital information to specified
recipients, including:



The receiving appliance is the client (e.g., end 
user computer in an Enterprise setting) 
receiving digital information (packages and/or 
advertisement files) from the sending 
appliance, the centralized SMS database via a 
Client Access Point and/or Distribution Point 
set up on a server. 



i) at a receiving appliance, receiving 
selected digital information from a 
sending appliance remote from the 
receiving appliance, 



the receiving appliance having a 
secure node and being associated 
with a specified recipient; 



The "node" is "secure" as a result of SMS 
security, as well as how it identifies and selects 
clients. 

The "specified recipient" is the result of the 
collection identifying a specific client that 
meets the criteria for a package or 
advertisement. 



i) the digital information having
been selected at least in part based on
the digital information's membership in
a first class, wherein the first class
membership was determined at least in
part using rights management
information; and



The digital information is a software package 
or advertisement. The "first class membership 
was determined in part using rights 
management information" reads on creating 
software packages (or advertisements) based 
on attributes of the software. 



ii) the specified recipient having
been selected at least in part based on
membership in a second class, wherein
the second class membership was
determined at least in part on the basis
of information derived from the
specified recipient's creation, use of, or
interaction with rights management
information; and



The "specified recipient" is the client selected 
to receive a package or advertisement. That 
recipient is chosen based on a collection rule, 
or on the recipient's possession of a license. 



) the specified recipient using the 
receiving appliance to access the
received selected digital information in
accordance with rules and controls,
associated with the selected digital
information,



The receiving appliance is the client computer. 
The SMS agents on the client computer 
receive, evaluate and take the appropriate 
action based on rules and controls governing 
the package and/or advertisement (i.e. the 
selected digital information). 



the rules and controls being enforced



Rules and controls are enforced by Agents on
jy. The method of claim 48 wherein
said received selected digital
information is at least in part event
information.


Event information includes SMS event
information, including Scheduling Classes.


63. The method of claim 48 wherein 
said received selected digital 
information is at least in part executable 
software. 


All SMS packages must include a minimum of 
one program. 


/u. The method of claim 48 wherein
said rules and controls at least in part 
govern usage audit record creation. 


A control governs whether a MIF
(management information file) is sent back to 
the SMS db after installation is done to report 
on the success or failure of the installation. 


89. The method of claim 48 wherein 
said receiving appliance is a personal 
computer. 


The primary purpose of SMS is to manage 
software on personal computers throughout the 
Enterprise.
18.



A method for narrowcasting selected
digital information to specified recipients,
including:



Infringing products include Windows 
Media Player and Windows Media Rights 
Manager 



This claim pertains to Windows Media 
Player with Individualized DRM Client and 
Windows Media Rights Manager used in 
the context of a narrowcast pay-per-view 
(hear) media distribution service,
simulcast and/or subscription services. 



a) at a receiving appliance, receiving
selected digital information from a sending
appliance remote from the receiving
appliance, the receiving appliance having a
secure node and being associated with a
specified recipient



Receiving appliance is a user's PC with 
individualized DRM client (secure node). 
Specified recipient is a user using the 
specific individualized DRM client to 
access and render narrowcast pay-per-view 
media, simulcast and/or subscription 
services for which the user acquires a 
license. 



i) the digital information having been
selected at least in part based on the digital
information's membership in a first class,
wherein the first class membership was
determined at least in part using rights
management information; and



The digital information is media that is 
narrowcast to licensed recipients. These 
narrowcast streams are licensed to users 
who have acquired licenses and whose PCs 
(appliances) support WMPs that have 
individualized DRM clients. This attribute 
is included in the signed WMA file header 
and is used in the process of acquiring 
licenses for access to the media. Media that 
are licensed to the recipient have their 
licenses bound to the recipient's 
Individualization module. 



ii) the specified recipient having been
selected at least in part based on
membership in a second class, wherein the
second class membership was determined
at least in part on the basis of information
derived from the specified recipient's
creation, use of, or interaction with rights
management information; and



The recipient is selected for this content 
based on the fact that the recipient is a 
member of the class of recipients who have 
a license for the narrowcast media and 
whose devices support WMP and 
individualized DRM clients. The 
recipient's machine must indicate support 
for individualization in challenges that are 
sent as part of requests for media in this 
narrowcast class. 



d) the specified recipient using the
receiving appliance to access the received
selected digital information in accordance
with rules and controls, associated with the
selected digital information, the rules and
controls being enforced by the receiving
appliance secure node.



Recipient's machine uses WMP and the 
individualized DRM client to access the 
narrowcast media in accordance with all 
rules associated with the media and 
contained in the media license - in 
particular, requirements that 
individualization be supported.
61. The method of claim 48 wherein said
received selected digital information is at 
least in part entertainment information. 


The digital information is Windows Media, 
which encodes audio/visual entertainment 
content.






f>9 The method of claim 61 wherein said
entertainment information is at least in part
music information.


Reads on narrowcast Windows Media Files
that are music or audio/visual.
certificate information.


The license contains a digital certificate.

The DRM client uses the certificate in the
license to verify this signature and to verify 
that the header has not been tampered with. 






72. The method of claim 48 wherein said
rules and controls in part specifying at least 
one clearinghouse acceptable to 
rightsholders. 


The signed header contains at least one
URL that indicates to the Windows Media 
Rights Manager the license clearinghouse 
to be used in acquiring licenses. 






75. The method of claim 72 wherein said at 
least one acceptable clearinghouse is a 
rights and permissions clearinghouse. 


This clearinghouse is a license 
clearinghouse responsible for mapping 
rights and permissions onto requested 
content or narrowcasts and binding them to 
the requesting client environment or user of 
this environment. 






89. The method of claim 48 wherein said 
receiving appliance is a personal computer. 


Windows Media Player and the 
Individualized DRM client run on a 
personal computer.
91.



Infringing products include Windows 
Media Player and Windows Media Rights
Manager 



A method for securely narrowcasting
selected digital information to specified
recipients including:



This claim pertains to Windows Media 
Player with Individualized DRM Client and
Windows Media Rights Manager used in 
the context of a narrowcast simulcast, pay- 
per-view (hear) media distribution service, 
and/or subscription services. The content 
is delivered in a Protected Windows Media 
File. 



a) receiving selected digital information in
a secure container at a receiving appliance
remote from a sending appliance, the
receiving appliance having a secure node,
the receiving appliance being associated
with a receiving entity



Narrowcast content is received in a 
Protected Windows Media File. Receiving 
appliance is user's PC with individualized 
DRM client (secure node). 



(i) the digital information having 
been selected at least in part based 
on the digital information's 
membership in a first class, 



The digital information is media that is 
narrowcast to licensed recipients (for 
example, a sold-out concert is narrowcast 
on the Internet to "the class of" licensed (or
ticketed) viewers).



(ii) the first class membership 
having been determined at least in 
part using rights management 
information 



These narrowcast streams are licensed to 
users who have acquired licenses and 
whose PCs (appliances) support WMPs 
that have individualized DRM clients. This 
attribute is included in the signed WMA 
file header and is used in the process of 
acquiring licenses for access to the media. 
Media that are licensed to the recipient 
have their licenses bound to the recipient's 
individualization module. 



d) the receiving entity having been
selected at least in part based on said
receiving entity's membership in a second
class,



The recipient is selected for this content 
based on the fact that the recipient is a 
member of the class of recipients who has a 
license for the narrowcast media. 



(i) the second class membership 
having been determined at least in 
part on the basis of information 
derived from the recipient entity's 
creation, use of, or interaction with 
rights management information 



The recipient class is determined by the 
license bound to the user's device that 
supports WMP and individualized DRM 
clients. The recipient's machine must 
indicate support for individualization in 
challenges that are sent as part of requests 
for media in this narrowcast class. 



;) receiving at the receiving appliance 
rules and controls in a secure container.



Receives a protected Windows Media File 



(i) the rules and controls having 
been associated with the selected 
digital information; and 



Receives a license that is bound to the file 
as well as to the specific DRM client 
individualization information. 



I) using at the receiving appliance the 
selected digital information in accordance



Recipient's machine uses WMP and the 
individualized DRM client to access the 
narrowcast media in accordance with all 
rules associated with the media and 
contained in the media license - in 
particular, requirements that 
individualization be supported. 


(i) the rules and controls being 
enforced by the receiving appliance 
secure node. 


The WMP and DRM client enforce the 
rules embedded in the Protected Windows 
Media File License. 






[illegible]. The method of claim [illegible] wherein said 
received selected digital information 
includes entertainment information. 


The digital information is Windows Media, 
which encodes audio/visual entertainment 
content. 






109. The method of claim 91 wherein said 
rules and controls at least in part use digital 
certificate information. 


The license contains a digital certificate. 
The DRM client uses the certificate in the 
license to verify this signature and to verify 
that the header has not been tampered with. 






114. The method of claim 91 wherein said 
rules and controls specify at least one 
clearinghouse acceptable to rightsholders. 


The signed header contains at least one 
URL that indicates to the Windows Media 
Rights Manager the license clearinghouse 
to be used in acquiring licenses. 






117. The method of claim 114 wherein said 
at least one acceptable clearinghouse is a 
rights and permissions clearinghouse. 


This clearinghouse is a license 
clearinghouse responsible for mapping 
rights and permissions onto requested 
content or narrowcasts and binding them to 
the requesting client environment or user of 
this environment. 






131. The method of claim 91 wherein said 
receiving appliance is a personal computer. 


Windows Media Player and the 
individualized DRM client run on a 
personal computer. 

INTERTRUST TECHNOLOGIES CORP. v. MICROSOFT CORP. 
INTERTRUST INFRINGEMENT CHART 
FOR U.S. PATENT NO. 6,389,402 




Products infringing: Microsoft Visual Studio 
.NET, .NET License Compiler, .NET 
Framework SDK, and .NET Common 
Language Runtime 



A method including 



A method for producing a third .NET 
component (application) that incorporates first 
and second .NET components whose 
distribution is license controlled. 



creating a first secure container including a 
first governed item and having associated a 
first control; 



The first secure container is a first signed 
.NET component that includes a license 
control. The governed item is the .NET 
component. 

The first control is the set of declarative 
statements comprising the 
LicenseProviderAttribute of a first .NET 
licensed component that provides for a design- 
time license to use the control. This attribute 
also specifies the type of license validation that 
occurs. 



creating a second secure container including a 
second governed item and having associated a 
second control; 



The second secure container is the second 
signed .NET component that includes a license 
control. The governed item is the .NET 
component. 

The second control is the set of declarative 
statements comprising the 
LicenseProviderAttribute of a second .NET 
licensed component that provides for a design- 
time license to use the control. This attribute 
also specifies the type of license validation that 
occurs. 



transferring the first secure container from a 
first location to a second location; 



The creator distributes a signed and licensed 
.NET component. 

An application developer at a second location 
downloads a first .NET component for 
inclusion into an application. 



A creator distributes a signed and licensed 
.NET component from a different location. 

Application developer downloads a second 
.NET component for inclusion into an 
application. 



transferring the second secure container from a 
third location to the second location; 

at the second location, obtaining access to at 
least a portion of the first governed item, the 
access being governed at least in part by the 
first control; 



At the second location, the application 
developer uses the .NET runtime that includes 
the LicenseManager to access a first governed 
item. 

Whenever a class (control or component) is 
instantiated (here, an instance of the first .NET 
licensed component), the license manager 
accesses the proper validation mechanism for 
the control or component. 

The first control comprises the declarative 
statement(s) (including licensing statements, 
and code access security statements) of the first 
.NET component. 



at the second location, obtaining access to at 
least a portion of the second governed item, the 
access being governed at least in part by the 
second control; 



At the second location, the application 
developer uses the .NET runtime that includes 
the LicenseManager to access a second 
governed item. 

Whenever a class (control or component) is 
instantiated (here, an instance of the second 
.NET licensed component), the license 
manager accesses the proper validation 
mechanism for the control or component. 
The second control comprises the declarative 
statement(s) (including licensing statements, 
and code access security statements) of the 
second .NET component. 



at the second location, creating a third secure 
container including at least a portion of the first 
governed item and at least a portion of the 
second governed item and having associated at 
least one control, the creation being governed 
at least in part by the first control and the 
second control. 



At the second location, the application 
developer uses the .NET runtime that includes 
the LicenseManager to access a first governed 
item and second governed item to construct an 
application, the third secure container. 

Creation governance is accomplished by 
invoking the .NET runtime to access the first 
governed item and the second governed item. 

Whenever a class (control or component) is 
instantiated the license manager accesses the 
proper validation mechanism for the control or 
component. 

The portions of the first governed item and 
second governed item that are being included 
in the third secure container will typically 
include the governed items themselves, i.e. the 
.NET components. 

The associated control in this case is the 
LicenseProviderAttribute, created and inserted 
into the application. 

EXHIBIT C 



CONFIDENTIAL— SUBJECT TO PROTECTIVE ORDER OF NOVEMBER 19, 2001: 
Exhibit C contains documents or things that are the subject of a Protective Order of this 
Court and cannot be opened or its contents made available to anyone other than this Court 
or counsel of record for the parties. 



317977.01 



PATENT INITIAL DISCLOSURES, '683, '193, '861, '721, '891, '900, '912, '019, '876, '181, and '402 PATENTS 
CASE NO. C 01-1640 SBA (MEJ), CONSOLIDATED WITH C 02-0647 SBA 

WILLIAM L. ANTHONY (State Bar No. 106908) 
ERIC L. WESENBERG (State Bar No. 139696) 
HEIDI L. KEEFE (State Bar No. 178960) 
BAS DE BLANK (State Bar No. 191487) 
ORRICK, HERRINGTON & SUTCLIFFE, LLP 
1000 Marsh Road 
Menlo Park, CA 94025 
Telephone: (650) 614-7400 
Facsimile: (650) 614-7401 

STEVEN ALEXANDER (admitted Pro Hac Vice) 
JAMES E. GERINGER (admitted Pro Hac Vice) 
JOHN D. VANDENBERG 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 
121 S.W. Salmon Street 
Portland, OR 97204 
Telephone: (503) 226-7391 
Facsimile: (503) 228-9446 

Attorneys for Defendant and Counterclaimant, 
MICROSOFT CORPORATION 

UNITED STATES DISTRICT COURT 
NORTHERN DISTRICT OF CALIFORNIA 
OAKLAND DIVISION 



INTERTRUST TECHNOLOGIES 
CORPORATION, a Delaware corporation, 

Plaintiff, 

v. 

MICROSOFT CORPORATION, a 
Washington corporation, 

Defendant. 



Case No. C 01-1640 SBA (MEJ) 

Consolidated with C 02-0647 SBA (MEJ) 

DEFENDANT MICROSOFT 
CORPORATION'S PRELIMINARY 
INVALIDITY CONTENTIONS 

(Patent Local Rules 3-3 and 3-4) 



AND RELATED CROSS-ACTION. 

I. Patent Local Rule 3-3(a) Identification of Prior Art 

Pursuant to Patent Local Rule 3-3, Defendant Microsoft Corporation ("Microsoft") makes 
the following Preliminary Invalidity Contentions 1 with respect to the following patents asserted 
by plaintiff InterTrust Technologies Corporation ("InterTrust") in this action: U.S. Patent No. 
6,185,683 ("the '683 patent"); U.S. Patent No. 6,253,193 ("the '193 patent"); U.S. Patent No. 
5,920,861 ("the '861 patent"); U.S. Patent No. 5,982,891 ("the '891 patent"); U.S. Patent No. 
5,917,912 ("the '912 patent"); U.S. Patent No. 6,157,721 ("the '721 patent"); U.S. Patent No. 
5,915,019 ("the '019 patent"); U.S. Patent No. 5,949,876 ("the '876 patent"); U.S. Patent No. 
6,112,181 ("the '181 patent"); and U.S. Patent No. 6,389,402 ("the '402 patent"). 

Despite the length of time this case has been pending, discovery is still at an early stage 
due to intervening stays. InterTrust continues to assert eleven patents and over one hundred and 
fifty claims. In view of these factors, Microsoft continues to evaluate the prior art at this time. 
Microsoft reserves the right to amend or supplement its Preliminary Invalidity Contentions to take 
into account prior art, information or defenses that might come to light as a result of its 
continuing discovery efforts, errors subsequently recognized by any of the parties, and as a result 
of further evaluation of the prior art. 2 In addition, Microsoft has moved to strike InterTrust's 
September 2, 2003 PLR 3-1 Preliminary Infringement Contentions as being insufficient. To the 
extent that the Court grants Microsoft's motion and orders InterTrust to amend/re-serve its 3-1 
statement in compliance with the Local Rules, Microsoft reserves the right to amend or 
supplement its PLR 3-3 Preliminary Invalidity Contentions in response to any amended 
infringement contentions submitted by InterTrust. Microsoft further reserves the right to rely 



1 These Preliminary Invalidity Contentions incorporate by reference Microsoft's prior Preliminary 
Invalidity Contentions dated August 7 and 16, 2002. 

2 For example, Microsoft reserves the right to amend/supplement this disclosure once InterTrust 
complies with discovery responses, which Microsoft contends are incomplete and inadequate. To 
date, Microsoft has objected to InterTrust's continued refusal to provide information sought in 
discovery, including, but not limited to: the identity of the alleged inventors of specific claims; 
conception or actual reduction to practice dates for specific claims; whether there has ever been 
any alleged embodiment(s) of the asserted claims; and what, if any, specification support is 
alleged, including from any of the applications for which InterTrust claims priority. 
Each of these pieces of information could affect the priority date for any given claim, expanding 
or narrowing the window of applicable prior art. Without this information, which is within 
InterTrust's exclusive knowledge and control, Microsoft's PLR 3-3 Contentions are subject to 
amendment and/or supplementation. 

upon InterTrust's own activities, alone and in connection with others. Microsoft further reserves 
the right to amend this statement or otherwise further respond if InterTrust contends (or the Court 
rules) that any earlier or later priority dates may apply for individual claims. Microsoft also 
reserves its right to amend or supplement these invalidity contentions pursuant to Patent Local 
Rule 3-6 and 3-7. 

Attached hereto, as Appendix A, is a listing showing "the identity of each item of prior art 
that allegedly anticipates each asserted claim or renders it obvious" (PLR 3-3(a)). On information 
and belief, each listed publication became prior art at least as early as the dates given. In 
addition, the citations and explanations provided in the exhibits are mere examples, and Microsoft 
reserves its right to rely on any other portions or aspects of the prior art references and systems 
that may also disclose or practice elements of the asserted claims. Patent Local Rule 3-3 does not 
require identification of evidence that establishes the inherence of a claim element in an item of 
prior art, nor does it require identification of evidence that establishes knowledge of those of 
ordinary skill in the relevant fields of art. Accordingly, Microsoft does not purport to have 
provided all such information in the attached exhibits. 

From InterTrust's current document production, it appears that its employees' and 
consultants' activities, including offers for sale, public uses, derivations, "inventions" (as the 
word is used in 35 U.S.C. § 102(g)), and disclosures to Willis Ware, Drew Dean, and others not 
under any duty of confidentiality, constituted or created material and perhaps anticipatory prior 
art to many of the asserted claims. This art was not cited to the Patent Office. Discovery is 
ongoing, and Microsoft reserves the right to amend or supplement this disclosure after Microsoft 
has had an opportunity to investigate this possible prior art during discovery. 

II. Patent Local Rule 3-3(b) and 3-3(c) Classification and Analysis of Prior Art 

Microsoft contends that at least one term or phrase in each of the asserted claims is 
indefinite under 35 U.S.C. § 112, and hence, each of the asserted claims is incapable of 
construction. However, for the limited purpose of classification and analysis of prior art, 
Microsoft has construed the claim terms in a manner consistent with the apparent construction of 
terms offered by InterTrust in its Revised Preliminary Infringement Contentions. Microsoft does 
not agree with these constructions, and nothing in these Preliminary Invalidity Contentions 
should be construed as an admission, a declaration against interest, whether under the 
Federal Rules of Evidence or otherwise, as to what a particular claim limitation means. For 
this reason, Microsoft's identification of "corresponding structures" for "means-plus- 
function" limitations that are set out in the Preliminary Invalidity Charts are not 
admissions as to the identity of such structures. Rather, they are based upon Microsoft's best 
guess as to what InterTrust may someday identify as corresponding structures for the means-plus- 
function limitations of its asserted claims, to the extent that Microsoft understands them. 3 

Accordingly, Microsoft's Preliminary Invalidity Contentions should not be construed as 
advocating a particular claim construction for any disputed claim terms. For the limited purpose 
of providing Preliminary Invalidity Contentions, and subject to the conditions set forth above, 
Microsoft has, to the extent possible, attempted to construe the claims in a manner consistent with 
InterTrust's Revised Preliminary Infringement Contentions. 

Pursuant to Patent Local Rules 3-3(b) and 3-3(c), Microsoft provides the classification of 
prior art in the listing and charts attached hereto as Appendices A and B. Appendix A, beyond 
identifying each item of prior art, further indicates whether each prior art reference is used as an 
anticipatory reference and/or as a reference which, alone, or in combination with other prior art, 
renders the claims obvious. Appendix B includes charts which (1) specifically identify where in 
each item of prior art each element of each asserted claim is found and (2) establish how that 
prior art anticipates or renders obvious all of the asserted claims. In the event that any charted 
prior art is found not to be anticipatory under 35 U.S.C. § 102, Microsoft reserves the right to rely 
upon that art to prove obviousness under 35 U.S.C. § 103. Likewise, in the event InterTrust 



3 To date, InterTrust has refused to identify any structure corresponding to the means-plus- 
function elements in its asserted claims. It is Microsoft's position that this is a violation of the 
Patent Local Rules, and that as a result of refusing to identify a structure associated with each 
means-plus-function element, InterTrust admits that there is no such structure disclosed, has 
waived its right to assert claimed structure, and that those claims are therefore invalid at least for 
failure to satisfy the written description requirement of 35 U.S.C. § 112. See InterTrust's Patent 
Local Rule 3-1 served September 2, 2003 and InterTrust's Opposition to Microsoft's Motion to 
Strike InterTrust's PLR 3-1 Contentions. 

amends or supplements its Preliminary Infringement Contentions, Microsoft reserves its rights to 
amend and supplement its Preliminary Invalidity Contentions. 

To the extent that any prior art produced to InterTrust has not been classified as prior art 
under 35 U.S.C. §§ 102 or 103, Microsoft reserves the right to rely on this art or supplement its 
disclosure for the following reasons: 

(i) Microsoft's position on the invalidity of particular claims will depend on how 
those claims are construed by the Court. As thus far only preliminary claim construction has 
occurred, Microsoft cannot take a final position for the bases for invalidity of disputed claims. 
The Court's subsequent claim constructions of remaining terms may yield constructions different 
from what Microsoft assumes herein. 

(ii) Microsoft is continuing to diligently search for relevant prior art but has not yet 
completed that search and continues to evaluate prior art that has been located. 

(iii) Microsoft has not completed its discovery from Plaintiff or from third parties 
with knowledge of the relevant prior art. Depositions of the persons involved in the drafting and 
prosecution of the patents-in-suit, the inventors, and persons who attempted to practice 
InterTrust's claimed invention, for example, will likely affect Microsoft's contentions. 

A. Prior Art Under 35 U.S.C. § 102 Which Anticipates The Asserted Claims of 
Each of the Asserted Patents 

Subject to the above-referenced qualifications concerning the preliminary nature of this 
disclosure, Microsoft believes a reasonable basis exists that, as more particularly explained in the 
Preliminary Invalidity Contentions attached as Appendix B hereto, the references listed in 
Appendix B anticipate the asserted claims of each of the asserted patents. 

B. Prior Art Under 35 U.S.C. § 103 Which Renders Obvious One or More of the 
Asserted Claims 

Each of the references called out in Appendix A can be combined with one another so as 
to render one or more of the claims of the asserted patents invalid as obvious, and many of them 
are explicitly motivated to do so by virtue of extensive cross-references to one another's 
solutions. InterTrust is currently asserting [illegible] claims in eleven patents, which cite hundreds of 
references. Hundreds of additional non-cited relevant prior art has been uncovered and cited to 
InterTrust. The number of potential combinations of these references, if only two or a few 
references are combined for each claim, is necessarily very large. Microsoft requests InterTrust 
to reduce its asserted claims so as to reduce the number of combinations to a manageable number. 
Nonetheless, Microsoft has provided mapping of combinations as discussed below. Indeed, even 
where explicit cross-referencing and incorporation by reference does not exist, the motivation to 
combine any of the references arises from the common objectives and subject matter, digital 
rights management. The common objectives and subject matter are expressed generally in the 
claim charts of Appendix B, which are incorporated by reference into Microsoft's showing under 
35 U.S.C. § 103. 

The motivation for seeking "security," privacy and integrity was widely recognized in the 
United States and elsewhere prior to February 13, 1994, and since prior to February 13, 1994, has 
extended to any information or item of perceived value, including books, music, games, computer 
systems, other computer programs, and any digital data or content that may be deemed valuable or 
worthy of protection. Additional motivations to combine references include the desire to meet or 
exceed any applicable laws or industry or government standards, such as the Orange Book, 
Computer Fraud and Abuse Act of 1986, Computer Security Act of 1989 PL100-35, High 
Performance Computing Act (HPCA) of 1991 (PL102-194), and 17 U.S.C. §§ 101 et seq. 
Industry standards include those for communication such as X.509, TCP/IP, WWW, and WAIS, 
and those for encryption or transmission of encrypted information, e.g. DES, Triple DES, RSA, 
SSL, MIME, S/MIME, SHTTP, HTTPS, MD5, and PEM. Additional teachings to combine these 
references with such items of information include "security" (including "security" levels), 
permissions, certificates, tickets, "secure" processors, "secure" storage, "smart" cards (including 
smart cards able to store data and perform computations such as encryption/decryption), tamper 
resistance techniques for hardware and software, physical "security", and "trusted" time. Also 
included are authentication and authorization in trusted distributed systems, enabling software or 
features thereof to run only on particular machines or in particular ways, and treating binary 
information/data at varied levels of granularity. 

It was further obvious to combine any of these "security" features with any of the software 
or hardware available at the time. For example, it would have been obvious to combine any file 
and operating systems such as NT, NFS, Andrew, Netware, Mach, DT Mach, Multics, Amoeba, 
1SOS, and Unix; or protocols, codes and systems such as secure kernels, WWW, SSL, SGML, 
hypertext, Oak, Telescript, OOP and other programming technologies or frameworks (e.g. 
Smalltalk, COM, OLE, Bento, OpenDoc); object oriented databases with watermarking; 
obfuscation; swIPe; SNMP; auditing; on-line (or other digitally transmitted) transaction and 
subscription-based services and billings; electronic payment; on-line banking, entertainment and 
commercial interactive commerce; ATMs; encryption and authentication; physical security tools 
and devices; physically secure locations; physically "secure" products such as tamper resistant 
computer or other devices, "secure" processors, "secure" memory, "smart" cards, set-top boxes, 
portable devices, "secure" communications facilities, electronic wallets. 4 

III. Patent Local Rule 3-3(d) Disclosure: Invalidity For Failure to Satisfy 
35 U.S.C. § 112. 

Each of the asserted InterTrust patent claims is invalid as indefinite, for inadequate 
written description and for lack of enablement as those requirements are set forth by 35 U.S.C. § 
112. 5 In accordance with Patent L.R. 3-3(d), Microsoft identifies in Appendix C, attached 
hereto, exemplary bases, on an element by element basis, for invalidating each asserted claim of 
each asserted patent for indefiniteness and lack of an adequate written description. The asserted 
claims are unclear in scope and not nearly as precise as the subject matter allows. 

Appendix C contains examples of why the indefiniteness prohibited by 35 U.S.C. 
§ 112(2) arises from many causes, including: 

a) use of terms that lack an ordinary meaning in the art and are undefined in the 
specification; 

4 These examples are not intended to be an exhaustive list and are set forth for illustrative 
purposes. 

5 Microsoft also asserts that one or more of the claims are invalid under 35 U.S.C. § 112(1) for 
failure to identify the "best mode" for carrying out the invention. However, pursuant to Patent 
L.R. 3-3(d), Microsoft's arguments related to that defense are not required to be set forth in the 
attached charts, and hence are not included in Exhibit C. 

b) use of terms that are used in the specification in a manner which is internally 
inconsistent, as well as inconsistent with their ordinary meaning, but are not 
specifically defined in the specification; 

c) InterTrust's refusal to identify the structure in the application's written description 
linked to claim elements subject to 35 U.S.C. § 112, ¶ 6 ("means (or step) plus 
function"); 

d) such excessive disclaimers of specificity of a term that the term becomes 
meaningless; 

e) inconsistent uses of a term within a single specification; 

f) inconsistent uses of a term between a specification and something allegedly 
incorporated into that specification; 

g) inconsistencies within the language of a given claim; 

h) inclusion of the same element twice in a claim, resulting in improper double 
inclusion of an element; 

i) impermissible reference to trademarks in a claim; 

j) inconsistent use of terms that may be synonyms for one another or that could be 
used to mean same thing or different things. 

The indefiniteness of the asserted claims is exacerbated by InterTrust's attempt to apply these 
claims to the very different structures and techniques of (or those that InterTrust wrongly 
attributes to) the Microsoft accused products. Microsoft reserves the right to modify this listing, 
e.g., if and when InterTrust clarifies its infringement contentions and claim construction 
positions. 

Appendix C also provides examples of the lack of an adequate written description 
supporting the asserted claims. For example, the asserted claims fail for lack of an adequate 
written description under 35 U.S.C. § 112(1) to the extent that they are construed to contradict 
and/or fail to require the essential, non-optional alleged attributes of the alleged "inventions" 
identified in their specifications (and any specification allegedly incorporated by reference) and 
the applications from which the patents issued. The asserted claims also fail to comply with the 
written description requirement as set forth in Gentry Gallery, Inc. v. Berkline Corp., 134 F.3d 
1473 (Fed. Cir. 1998) to the extent that the scope of any of them exceeds the scope of the alleged 
"invention" as set forth in the accompanying specification (and any specification allegedly 
incorporated therein). For example, in the specification of U.S. Patent No. 6,253,193 InterTrust 
states that: 

The present invention assertedly provides a new kind of "virtual 
distribution environment" (called "VDE" in this document) that 
secures, administers, and audits electronic information use. VDE 
also features fundamentally important capabilities for managing 
content that travels "across" the "information highway." These 
capabilities comprise a rights protection solution that serves all 
electronic community members. These members include content 
creators and distributors, financial service providers, end-users, and 
others. VDE is the first general purpose, configurable, transaction 
control/rights protection solution for users of computers, other 
electronic appliances, networks, and the information highway. 

Accordingly any claims that rely on this specification must be limited in scope to the invention 
described therein. To the extent that they exceed the scope of what is described, they are invalid 
under the written description requirement. 

Microsoft further contends that each asserted claim, when viewed in its entirety, is 
invalid under 35 U.S.C. § 112(1) because the specifications of the patents fail to teach one of 
ordinary skill in the art how to practice the entirety of the broad scope of those claims without 
undue experimentation. 

For example, based on the specification, most if not all of the claims involve the 
use of software of one kind or another, yet the specification does not disclose any software 
programs that could be used or adapted for use in practicing the claimed inventions. In addition 
to failing to disclose any software program by explicit reference, the patent specifications do 
not describe with sufficient specificity the identity of software programs needed to practice the 
claimed invention that would prevent the need for undue experimentation by a person skilled in 
the art to practice the claimed inventions. The claims set forth a multiplicity of functions, 
features, and characteristics for the purported inventions, and the specifications are replete with 
references to software necessary to practicing the invention, yet the specification neither 
identifies enabling software that satisfies such requirements, nor provides guidance that would 
allow a person of ordinary skill in the art to program enabling software without undue 
experimentation. 6 

As shown in Appendix C 7, asserted claims contain terms that are subject to 
multiple definitions, and the patent specifications do not disclose one or more of the alternate 
definitions. The full scope of the claim is therefore not described or taught in the specification. 
Any claim in Appendix C that contains a claim term subject to multiple definitions fails to teach 
the full scope of the claim and therefore fails the enablement requirement if the specification does 
not specify the operative definition for the term. 

There are numerous other reasons that the unprecedented breadth of scope of the 
claims asserted by InterTrust are not enabled, including InterTrust's failure to implement the 
claims after substantial investment of time, labor, and money. Given the complexity of the 
asserted patents and their interdisciplinary subject matter, the state of the prior art, the absence of 
predictability of the prior art, the amount of experimentation necessary to practice the patents, the 
absence of embodiments, and the absence of guidance for practicing the invention provided in the 
specification 8 , the relative skill of those practicing the art and the breadth of the claims, the 
asserted claims fail to meet the enablement requirement of 35 U.S.C. § 112 ¶ 1. 

The full claims of the asserted patents fail to satisfy the enablement and written 
description requirements for the following reasons: 

The '683 Patent 

Claim 2: Claim 2 of the '683 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 

6 In its discovery responses, InterTrust refuses to identify software programs necessary for 
practicing the inventions purportedly disclosed in the asserted patents. See InterTrust responses to 
Microsoft Interrogatory Nos. 39 and 40. 

7 See Appendix C for further element by element analysis of invalidity for failure to satisfy 35 
U.S.C. § 112 ¶ 1. The indefiniteness of the claim terms addressed in Exhibit C affects enablement 
because the indefiniteness of the claim terms prevents the specification from adequately teaching 
a person of skill in the art how to make and use the full scope of the claimed inventions without 
undue experimentation. 

8 The failure of the specifications to provide necessary guidance also establishes that the claims 
fail to meet the written description requirement of 35 U.S.C. § 112 ¶ 1. 

software and operation of such software on accompanying hardware. Specifically, limitations in 
Claim 2 (63:40-66), both explicitly and implicitly require software. Since no software is 
disclosed in the specification, and since the specification provides no useful programming 
guidance, a person of skill in the art would have to engage a process of trial and error, perhaps 
followed by bottom up software development, in order to make and use the full scope of Claim 2. 
Claim 2 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "security", "secure container," "containing"). The specification does not teach a
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill 
in the art would therefore be required to undertake undue experimentation in order to make and 
use the invention across the full scope claimed. For these reasons and for the reasons stated
above with respect to all of the claims, Claim 2 fails the enablement and written description
requirements of 35 U.S.C. § 112 ¶ 1.

Claim 3: Claim 3 of the '683 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 3 (64:6-30), both explicitly and implicitly require software. Since no 
software is disclosed in the specification, and insufficient programming guidance (if any) is 
provided by the specification, a person of skill in the art would have to engage a process of trial
and error, perhaps followed by bottom up software development, in order to make and use the full 
scope of Claim 3. Claim 3 also fails the enablement requirement in light of the breadth of the 
subject matter claimed (e.g. "security", "secure container," "rule"). The specification does not 
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 3 fails the enablement and written description
requirements of 35 U.S.C. § 112 ¶ 1.

Claim 4: Claim 4 is dependent upon Claim 3 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 4 fails because it requires additional undisclosed software. 

Claim 5: Claim 5 of the '683 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 5 (64:41-66), both explicitly and implicitly require software. Since no 
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 5. Claim 5 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"security", "secure container," "governed item"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. For these reasons and for the reasons stated above with
respect to all of the claims, Claim 5 fails the enablement and written description requirements of
35 U.S.C. § 112 ¶ 1.

Claim 6: Claim 6 is dependent upon Claim 5 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 6 fails because it requires additional undisclosed software.

Claim 28: Claim 28 of the '683 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling
software and operation of such software on accompanying hardware. Specifically, several
limitations in Claim 28 (70:20-59), both explicitly and implicitly require software. Since no 
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by
bottom up software development, in order to make and use the full scope of Claim 28. Claim 28 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"security," "electronic intermediary," "being associated with . . ."). The specification does not
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person 
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 28 fails the enablement and written 
description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 29: Claim 29 is dependent upon Claim 28 and fails the enablement and
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 29 fails because it requires additional undisclosed software. Claim 29 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"operatively connected"). The specification does not teach a person of ordinary skill in the art
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed.

Claim 56: Claim 56 of the '683 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 56 (77:34-56), both explicitly and implicitly require software. Since no 
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 56. Claim 56 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"security," "secure container," "secure electronic container"). The specification does not teach a
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill 
in the art would therefore be required to undertake undue experimentation in order to make and
use the invention across the full scope claimed. For these reasons and for the reasons stated 
above with respect to all of the claims, Claim 56 fails the enablement and written description
requirements of 35 U.S.C. § 112 ¶ 1.

Claim 126: Claim 126 of the '683 patent fails the enablement requirement
because the specification does not teach a person of ordinary skill in the relevant arts how to 
practice the purportedly disclosed invention without undue experimentation in the development of
enabling software and operation of such software on accompanying hardware. Specifically, 
several limitations in Claim 126 (82:50-83:7), both explicitly and implicitly require software. 
Since no software is disclosed in the specification, and no meaningful programming guidance is 
provided, a person of skill in the art would have to engage a process of trial and error, perhaps
followed by bottom up software development, in order to make and use the full scope of Claim 
126. Claim 126 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "security," "secure digital container," "trusted intermediary services"). The
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. For these 
reasons and for the reasons stated above with respect to all of the claims, Claim 126 fails the 
enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 127: Claim 127 is dependent upon Claim 126 and thus fails the enablement
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 127 fails because it requires additional undisclosed software. 
Claim 127 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "at least in part identifies"). The specification does not teach a person of ordinary
skill in the art how to practice the full scope of the claim, and a person of skill in the art would
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed.

The '193 Patent

Claim 1: Claim 1 of the '193 patent fails the enablement requirement because the
specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 1 (320:62-321:18), both explicitly and implicitly require software. Since no
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 1. Claim 1 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"budget control," "secure database," "copy control"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the
invention across the full scope claimed. For these reasons and for the reasons stated above with 
respect to all of the claims, Claim 1 fails the enablement and written description requirements of
35 U.S.C. § 112 ¶ 1.

Claim 2: Claim 2 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 2 fails because it requires additional undisclosed software. Claim 127 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "a time 
substantially contemporaneous"). The specification does not teach a person of ordinary skill in 
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed.

Claim 3: Claim 3 is dependent upon Claim 2 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 3 fails because it requires additional undisclosed software. Claim 3 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"encumbrance on said budget"). The specification does not teach a person of ordinary skill in the 
art how to practice the full scope of the claim, and a person of skill in the art would therefore be
required to undertake undue experimentation in order to make and use the invention across the 

full scope claimed. 

Claim 4: Claim 4 is dependent upon Claim 3 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 4 fails because it requires additional undisclosed software. Claim 4 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "digital
file authorized by said budget"). The specification does not teach a person of ordinary skill in the 
art how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 11: Claim 11 of the '193 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 11 (322:22-45), both explicitly and implicitly require software. Since no
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 11. Claim 11
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"security," "secure memory," "features"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. For these reasons and for the reasons stated above with respect to 
all of the claims, Claim 11 fails the enablement and written description requirements of 35 U.S.C.
§ 112 ¶ 1.

Claim 15: Claim 15 of the '193 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 15 (323:15-41), both explicitly and implicitly require software. Since no
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by
bottom up software development, in order to make and use the full scope of Claim 15. Claim 15 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"security," "secure database"). The specification does not teach a person of ordinary skill in the 
art how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the
full scope claimed. For these reasons and for the reasons stated above with respect to all of the 
claims, Claim 15 fails the enablement and written description requirements of 35 U.S.C. § 112
¶ 1.

Claim 16: Claim 16 is dependent upon Claim 15 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 16 fails because it requires additional undisclosed software. 
Claim 16 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "authentication step"). The specification does not teach a person of ordinary skill in
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed.

Claim 19: Claim 19 of the '193 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 19 (324:9-37), both explicitly and implicitly require software. Since no 
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 19. Claim 19
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"clearinghouse"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 19 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 51: Claim 51 of the '193 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling 
software and operation of such software on accompanying hardware. Specifically, several 
limitations in Claim 51 (326:51-327:12), both explicitly and implicitly require software. Since no
software is disclosed in the specification, and no meaningful programming guidance is provided, 
a person of skill in the art would have to engage a process of trial and error, perhaps followed by 
bottom up software development, in order to make and use the full scope of Claim 51. Claim 51 
also fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"security," "clearinghouse," "location remote from"). The specification does not teach a person
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. For these reasons and for the reasons stated above with 
respect to all of the claims, Claim 51 fails the enablement and written description requirements of
35 U.S.C. § 112 ¶ 1.

The '861 Patent

Claim 34: Claim 34 of the '861 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 34 (24:65-25:15), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 34. Claim 34 also fails the enablement requirement in light of the
breadth of the subject matter claimed (e.g. "descriptive data structure," "element information,"
"metadata rules"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims,
Claim 34 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 35: Claim 35 is dependent on Claim 34 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 35 fails because it requires additional undisclosed software. Claim 35 also
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "rights 
management data structure"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 36: Claim 36 is dependent on Claim 35 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 36 fails because it requires additional undisclosed software. Claim 36 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"content," "rules at least in part governing . . ."). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 37: Claim 37 is dependent on Claim 36 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 37 fails because it requires additional undisclosed software. Claim 37 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"descriptive data structure is stored within said first secure container"). The specification does
not teach a person of ordinary skill in the art how to practice the full scope of the claim, and a
person of skill in the art would therefore be required to undertake undue experimentation in order 
to make and use the invention across the full scope claimed. 

Claim 44: Claim 44 is dependent on Claim 34 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 44 fails because it requires additional undisclosed software. Claim 44 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"representation of the format of data . . ."). The specification does not teach a person of ordinary
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 45: Claim 45 is dependent on Claim 44 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 45 fails because it requires additional undisclosed software. Claim 45 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"information regarding elements . . ."). The specification does not teach a person of ordinary skill
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 46: Claim 46 is dependent on Claim 44 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 46 fails because it requires additional undisclosed software. Claim 46 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "target
data block"). The specification does not teach a person of ordinary skill in the art how to practice
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 47: Claim 47 is dependent on Claim 46 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 47 fails because it requires additional undisclosed software. Claim 47 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "target 
data block," "target environment"). The specification does not teach a person of ordinary skill in
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 48: Claim 48 is dependent on Claim 46 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 48 fails because it requires additional undisclosed software. Claim 48 also
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"source," "source message field"). The specification does not teach a person of ordinary skill in
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 58: Claim 34 of the '861 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 34 (24:65-25:15), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a 
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 34. Claim 34 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "metadata information," "generating or identifying at 
least one rule . . ."). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 34 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 64: Claim 64 is dependent on Claim 58 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 64 fails because it requires additional undisclosed software. Claim 64 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g.
"creation of said first secure container"). The specification does not teach a person of ordinary
skill in the art how to practice the full scope of the claim, and a person of skill in the art would
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 67: Claim 67 is dependent on Claim 64 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 67 fails because it requires additional undisclosed software. Claim 67 also
fails the enablement requirement in light of the breadth of the subject matter claimed. The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of
the claim, and a person of skill in the art would therefore be required to undertake undue
experimentation in order to make and use the invention across the full scope claimed. 

Claim 68: Claim 68 is dependent on Claim 67 and thus fails the enablement and
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 68 fails because it requires additional undisclosed software. Claim 68 also 
fails the enablement requirement in light of the breadth of the subject matter claimed. The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. 

Claim 71: Claim 71 is dependent on Claim 58 and thus fails the enablement and
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition,
the limitation of Claim 71 fails because it requires additional undisclosed software. Claim 71 also 
fails the enablement requirement in light of the breadth of the subject matter claimed. The
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue
experimentation in order to make and use the invention across the full scope claimed. 

Claim 72: Claim 72 depends on Claim 58 and fails the enablement and written
description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, the
limitation of Claim 72 fails because it requires additional undisclosed software. 

The '891 Patent 

Claim 1: Claim 1 of the '891 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 1 (318:59-319:8), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a 
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 1. Claim 1 also fails the enablement requirement in light of the
breadth of the subject matter claimed (e.g. "securely receiving," "secure operating environment,"
"control"). The specification does not teach a person of ordinary skill in the art how to practice
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 1 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 22: Claim 22 of the '891 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 22 (320:15-31) both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 22. Claim 22 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "securely combining," "control arrangement," "securely 
requiring"). The specification does not teach a person of ordinary skill in the art how to practice 
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 22 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 23: Claim 23 is dependent on Claim 34 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 23 fails because it requires additional undisclosed software. 

Claim 26: Claim 26 of the '891 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 26 (320:40-55) both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 26. Claim 26 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "composite data item," "securely providing"). The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. For these 
reasons and for the reasons stated above with respect to all of the claims, Claim 26 fails the 
enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 27: Claim 27 is dependent on Claim 26 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 27 fails because it requires additional undisclosed software. Claim 27 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"combining step"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 28: Claim 28 is dependent on Claim 26 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 28 fails because it requires additional undisclosed software. Claim 28 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"composite"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 29: Claim 29 is dependent on Claim 26 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 29 fails because it requires additional undisclosed software. Claim 29 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"ensuring the integrity of said association . . ."). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 31: Claim 31 is dependent on Claim 26 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 31 fails because it requires additional undisclosed software. Claim 31 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"codelivering"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 35: Claim 35 of the '891 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 35 (321 :29-4 J), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 35. Claim 35 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "secure operating environment"). The specification does not 
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person 
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 35 fails the enablement and written 
description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 36: Claim 36 of the '891 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 36 (321:44-57), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 36. Claim 36 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "secure operating environment system," "operatively 
connected," "logically associated with"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. For these reasons and for the reasons stated above with respect to 
all of the claims, Claim 36 fails the enablement and written description requirements of 35 U.S.C. 
§ 112 ¶ 1. 

MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS 

C 01-1640 SBA (MEJ) 




Claim 39: Claim 39 is dependent on Claim 22 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 39 fails because it requires additional undisclosed software. Claim 39 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"persistently associating," "control arrangement"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 40: Claim 40 is dependent upon Claim 26 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 40 fails because it requires additional undisclosed software. 
Claim 40 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "control arrangement"). The specification does not teach a person of ordinary skill 
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 51: Claim 51 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 51 fails because it requires additional undisclosed software. Claim 51 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "end 
user electronic appliance," "secure processing step"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 53: Claim 53 is dependent upon Claim 22 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 53 fails because it requires additional undisclosed software. 
Claim 53 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "end user electronic appliance"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 54: Claim 54 is dependent upon Claim 26 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 54 fails because it requires additional undisclosed software. 
Claim 54 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "end user electronic appliance"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 56: Claim 56 is dependent upon Claim 35 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 56 fails because it requires additional undisclosed software. 
Claim 56 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "end user electronic appliance"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 57: Claim 57 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 57 fails because it requires additional undisclosed software. 
Claim 57 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "end user electronic appliance," "protected processing environment"). The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. 

claimed (e.g. "securely receiving"). The specification does not teach a person of ordinary skill in 
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 64: Claim 64 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 64 fails because it requires additional undisclosed software. 
Claim 64 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "controls"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 65: Claim 65 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 65 fails because it requires additional undisclosed software. Claim 65 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "secure 
processing environment"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 67: Claim 67 is dependent upon Claim 22 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 67 fails because it requires additional undisclosed software. 
Claim 67 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "secure processing environment"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 68: Claim 68 is dependent upon Claim 26 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 68 fails because it requires additional undisclosed software. 
Claim 68 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "secure processing environment"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 70: Claim 70 is dependent upon Claim 35 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 70 fails because it requires additional undisclosed software. 
Claim 70 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "secure processing environment," "securely processing," "securely executing"). 
The specification does not teach a person of ordinary skill in the art how to practice the full scope 
of the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. 

Claim 71: Claim 71 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 71 fails because it requires additional undisclosed software. Claim 71 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"securely combining," "control arrangement"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 74: Claim 74 is dependent upon Claim 35 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 74 fails because it requires additional undisclosed software. 
Claim 74 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "securely combining," "combined executable"). The specification does not teach a 
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill 
in the art would therefore be required to undertake undue experimentation in order to make and 
use the invention across the full scope claimed. 

Claim 75: Claim 75 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 75 fails because it requires additional undisclosed software. 
Claim 75 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "combined control arrangement"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 76: Claim 76 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 76 fails because it requires additional undisclosed software. Claim 76 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"securely receiving steps," "independently performed at different times"). The specification does 
not teach a person of ordinary skill in the art how to practice the full scope of the claim, and a 
person of skill in the art would therefore be required to undertake undue experimentation in order 
to make and use the invention across the full scope claimed. 

Claim 79: Claim 79 is dependent upon Claim 26 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 79 fails because it requires additional undisclosed software. 

Claim 81: Claim 81 is dependent upon Claim 35 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 81 fails because it requires additional undisclosed software. 
Claim 81 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "securely receiving steps"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 82: Claim 82 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 82 fails because it requires additional undisclosed software. 
Claim 82 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "controls"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 84: Claim 84 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 84 fails because it requires additional undisclosed software. Claim 84 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"first/second entity's control"). The specification does not teach a person of ordinary skill in the 
art how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 86: Claim 86 is dependent upon Claim 26 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 86 fails because it requires additional undisclosed software. 
Claim 86 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "control"). The specification does not teach a person of ordinary skill in the art how 
to practice the full scope of the claim, and a person of skill in the art would therefore be required 
to undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 88: Claim 88 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 88 fails because it requires additional undisclosed software. 
Claim 88 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "control"). The specification does not teach a person of ordinary skill in the art how 
to practice the full scope of the claim, and a person of skill in the art would therefore be required 
to undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 89: Claim 89 is dependent upon Claim 1 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 89 fails because it requires additional undisclosed software. Claim 89 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"control," "protected processing environment"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 91: Claim 91 is dependent upon Claim 22 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 91 fails because it requires additional undisclosed software. 
Claim 91 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 94: Claim 94 is dependent upon Claim 35 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 94 fails because it requires additional undisclosed software. 
Claim 94 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 95: Claim 95 is dependent upon Claim 36 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 95 fails because it requires additional undisclosed software. 
Claim 95 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

The '912 Patent 

Claim 6: Claim 6 of the '912 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 6 (326:65-327:23), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a 
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 6. Claim 6 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "relatively lower level of security," "private portion 
characterized by . . . ," "accessing," "record"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. For these reasons and for the reasons stated above with 
respect to all of the claims, Claim 6 fails the enablement and written description requirements of 
35 U.S.C. § 112 ¶ 1. 

Claim 7: Claim 7 is dependent upon Claim 8 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 7 fails because it requires additional undisclosed software. Claim 7 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"relatively higher/lower level of security"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 8: Claim 8 of the '912 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 8 ( ), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 8. Claim 8 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "higher/lower level of security," "execution space identifier," 
"assembling"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 8 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 9: Claim 9 is dependent upon Claim 8 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 9 fails because it requires additional undisclosed software. 

Claim 13: Claim 13 is dependent upon Claim 8 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 13 fails because it requires additional undisclosed software. Claim 13 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "a 
security level higher than that of the execution space"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 14: Claim 14 is dependent upon Claim 13 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 14 fails because it requires additional undisclosed software. 

Claim 35: Claim 35 of the '912 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling
software. Specifically, several limitations in Claim 35 (330:27-57), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 35. Claim 35 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "second processing environment remote from first processing 
environment," "identification information"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. For these reasons and for the reasons stated above with 
respect to all of the claims, Claim 35 fails the enablement and written description requirements of 
35 U.S.C. § 112 ¶ 1.

The '900 Patent 

Claim 155: Claim 155 of the '900 patent fails the enablement requirement 
because the specification does not teach a person of ordinary skill in the relevant arts how to
practice the purportedly disclosed invention without undue experimentation in the development of
enabling software. Specifically, several limitations in Claim 155 (370:30-55), both explicitly and
implicitly require software. Since no software is disclosed in the specification, and no
meaningful programming guidance is provided, a person of skill in the art would have to engage a
process of trial and error, perhaps followed by bottom up software development, in order to make
and use the full scope of Claim 155. Claim 155 also fails the enablement requirement in light of
the breadth of the subject matter claimed (e.g. "host processing environment," "tamper resistant
software designed to be loaded into said main memory . . .," "machine check programming which
derives information . . .," "integrity programming"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art
would therefore be required to undertake undue experimentation in order to make and use the
invention across the full scope claimed. For these reasons and for the reasons stated above with
respect to all of the claims, Claim 155 fails the enablement and written description requirements
of 35 U.S.C. § 112 ¶ 1.

Claim 156: Claim 156 of the '900 patent fails the enablement requirement 
because the specification does not teach a person of ordinary skill in the relevant arts how to 
practice the purportedly disclosed invention without undue experimentation in the development of 
enabling software. Specifically, several limitations in Claim 156 (370:57-371:15), both explicitly 
and implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a
process of trial and error, perhaps followed by bottom up software development, in order to make
and use the full scope of Claim 156. Claim 156 also fails the enablement requirement in light of
the breadth of the subject matter claimed (e.g. "virtual distribution environment," "host
processing environment," "tamper resistant software designed to be loaded into said main
memory . . .," "machine check programming which derives information . . .," "integrity
programming"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to
undertake undue experimentation in order to make and use the invention across the full scope
claimed. For these reasons and for the reasons stated above with respect to all of the claims,
Claim 156 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 157: Claim 157 of the '900 patent fails the enablement requirement 
because the specification does not teach a person of ordinary skill in the relevant arts how to 
practice the purportedly disclosed invention without undue experimentation in the development of
enabling software. Specifically, several limitations in Claim 157 (371:16-42), both explicitly and
implicitly require software. Since no software is disclosed in the specification, and no
meaningful programming guidance is provided, a person of skill in the art would have to engage a
process of trial and error, perhaps followed by bottom up software development, in order to make
and use the full scope of Claim 157. Claim 157 also fails the enablement requirement in light of
the breadth of the subject matter claimed (e.g. "virtual distribution environment," "host
processing environment," "tamper resistant software designed to be loaded into said main
memory . . .," "machine check programming which derives information . . .," "integrity
programming"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to
undertake undue experimentation in order to make and use the invention across the full scope
claimed. For these reasons and for the reasons stated above with respect to all of the claims,
Claim 157 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

The '721 Patent

Claim 1: Claim 1 of the '721 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 1 (21:10-24), both explicitly and implicitly
require software. Since no software is disclosed in the specification, and no meaningful
programming guidance is provided, a person of skill in the art would have to engage a process of
trial and error, perhaps followed by bottom up software development, in order to make and use
the full scope of Claim 1. Claim 1 also fails the enablement requirement in light of the breadth
of the subject matter claimed (e.g. "load module," "tamper resistance," "security level"). The
specification does not teach a person of ordinary skill in the art how to practice the full scope of
the claim, and a person of skill in the art would therefore be required to undertake undue
experimentation in order to make and use the invention across the full scope claimed. For these
reasons and for the reasons stated above with respect to all of the claims, Claim 1 fails the
enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 5: Claim 5 of the '721 patent fails the enablement requirement because the
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling
software. Specifically, several limitations in Claim 5 (21:39-47), both explicitly and implicitly
require software. Since no software is disclosed in the specification, and no meaningful
programming guidance is provided, a person of skill in the art would have to engage a process of
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 5. Claim 5 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "software verifying method," "specification"). The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. For these 
reasons and for the reasons stated above with respect to all of the claims, Claim 5 fails the 
enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 9: Claim 9 of the '721 patent fails the enablement requirement because the
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 9 (22:5-15), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 9. Claim 9 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "distinguishing between trusted and untrusted load modules . . .,"
"associated digital signature," "conditionally executing"). The specification does not teach a
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill
in the art would therefore be required to undertake undue experimentation in order to make and
use the invention across the full scope claimed. For these reasons and for the reasons stated
above with respect to all of the claims, Claim 9 fails the enablement and written description
requirements of 35 U.S.C. § 112 ¶ 1.

Claim 14: Claim 14 of the '721 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 14 (22:44-51), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 14. Claim 14 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "arrangement within the first tamper resistant barrier 
that prevents . . .,"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 14 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 18: Claim 18 of the '721 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling
software. Specifically, several limitations in Claim 18 (22:64-25:3), both explicitly and implicitly
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 18. Claim 18 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "preventing the first computing arrangement . . ."). 
The specification does not teach a person of ordinary skill in the art how to practice the full scope 
of the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. For these 
reasons and for the reasons siaie.d above with re.sne.ci in al! of the claims. Claim 1 8 fails thr* 
enablement and written description requirements of 35 U.S.C. § 112$ 1. 
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Claim 34; Claim 34 of the '721 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 34 (24:47-56), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 34. Claim 34 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "secure execution space," "security level"). The
specification does not teach a person of ordinary skill in the art how to practice the full scope of
the claim, and a person of skill in the art would therefore be required to undertake undue
experimentation in order to make and use the invention across the full scope claimed. For these
reasons and for the reasons stated above with respect to all of the claims, Claim 34 fails the
enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 38: Claim 38 of the '721 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 38 (25:1-8), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 38. Claim 38 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "computing arrangement surrounded by a first tamper 
resistant barrier . . .," "security level"). The specification does not teach a person of ordinary
skill in the art how to practice the full scope of the claim, and a person of skill in the art would
therefore be required to undertake undue experimentation in order to make and use the invention
across the full scope claimed. For these reasons and for the reasons stated above with respect to
all of the claims, Claim 38 fails the enablement and written description requirements of 35 U.S.C.
§ 112 ¶ 1.

The '019 Patent 

Claim 1: Claim 1 of the '019 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 1 (319:46-320:7), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a
process of trial and error, perhaps followed by bottom up software development, in order to make
and use the full scope of Claim 1. Claim 1 also fails the enablement requirement in light of the
breadth of the subject matter claimed (e.g. "associated control," "protected," "transferring,"
"protected content file"). The specification does not teach a person of ordinary skill in the art how
to practice the full scope of the claim, and a person of skill in the art would therefore be required 
to undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 1 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 33: Claim 33 of the '019 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 33 (323:60-324:14), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a 
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 33. Claim 33 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "means for incorporating," "means for transferring," 
"protected data"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to
undertake undue experimentation in order to make and use the invention across the full scope
claimed. For these reasons and for the reasons stated above with respect to all of the claims,
Claim 33 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 34: Claim 34 is dependent upon Claim 33 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 34 fails because it requires additional undisclosed software.
Claim 34 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "means for applying"). The specification does not teach a person of ordinary skill
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 35: Claim 35 is dependent upon Claim 34 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 35 fails because it requires additional undisclosed software. 
Claim 35 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means for applying"). The specification does not teach a person of ordinary skill 
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 41: Claim 41 of the '019 patent fails the enablement requirement because
the specification does not teach a person of ordinary skill in the relevant arts how to practice the
purportedly disclosed invention without undue experimentation in the development of enabling
software. Specifically, several limitations in Claim 41 (325:7-29), both explicitly and implicitly
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 41. Claim 41 also fails the enablement requirement in light of the breadth
of the subject matter claimed (e.g. "virtual distribution environment"). The specification does not
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person
of skill in the art would therefore be required to undertake undue experimentation in order to
make and use the invention across the full scope claimed. For these reasons and for the reasons
stated above with respect to all of the claims, Claim 41 fails the enablement and written
description requirements of 35 U.S.C. § 112 ¶ 1.

Claim 42: Claim 42 is dependent upon Claim 41 and thus fails the enablement
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 42 fails because it requires additional undisclosed software. 
Claim 42 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "control," "protected information," "secure container"). The specification does not
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person 
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. 

Claim 47: Claim 47 is dependent upon Claim 41 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 47 fails because it requires additional undisclosed software.
Claim 47 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "control"). The specification does not teach a person of ordinary skill in the art how
to practice the full scope of the claim, and a person of skill in the art would therefore be required 
to undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 52: Claim 52 is dependent upon Claim 41 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 52 fails because it requires additional undisclosed software.
Claim 52 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "creating," "secure container," "site"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art
would therefore be required to undertake undue experimentation in order to make and use the
invention across the full scope claimed.

Claim 53: Claim 53 is dependent upon Claim 52 and thus fails the enablement
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 53 fails because it requires additional undisclosed software. 
Claim 53 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "associated"). The specification does not teach a person of ordinary skill in the art
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 54: Claim 54 is dependent upon Claim 53 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 54 fails because it requires additional undisclosed software.
Claim 54 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "associated"). The specification does not teach a person of ordinary skill in the art
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 55: Claim 55 is dependent upon Claim 54 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 55 fails because it requires additional undisclosed software.
Claim 55 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "site"). The specification does not teach a person of ordinary skill in the art how to
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 64: Claim 64 is dependent upon Claim 54 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 64 fails because it requires additional undisclosed software.
Claim 64 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "portion of said first protected information"). The specification does not teach a
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill
in the art would therefore be required to undertake undue experimentation in order to make and
use the invention across the full scope claimed. 

Claim 76: Claim 76 is dependent upon Claim 41 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 76 fails because it requires additional undisclosed software.
Claim 76 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "secure container," "contained"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 78: Claim 78 is dependent upon Claim 52 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 78 fails because it requires additional undisclosed software.
Claim 78 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "secure container," "contained"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 81: Claim 81 of the '019 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 81 (328:9-23), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use
the full scope of Claim 81. Claim 81 also fails the enablement requirement in light of the breadth
of the subject matter claimed (e.g. "means for incorporating"). The specification does not teach a
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill
in the art would therefore be required to undertake undue experimentation in order to make and
use the invention across the full scope claimed. For these reasons and for the reasons stated
above with respect to all of the claims, Claim 81 fails the enablement and written description
requirements of 35 U.S.C. § 112 ¶ 1.

Claim 82: Claim 82 is dependent upon Claim 81 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 82 fails because it requires additional undisclosed software.
Claim 82 also fails the enablement requirement in light of the breadth of the subject matter
claimed (e.g. "means for applying," "govern"). The specification does not teach a person of
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art
would therefore be required to undertake undue experimentation in order to make and use the
invention across the full scope claimed.

Claim 83: Claim 83 is dependent upon Claim 82 and thus fails the enablement
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In
addition, the limitation of Claim 83 fails because it requires additional undisclosed software. 
Claim 83 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "govern," "means for applying"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the
invention across the full scope claimed. 

Claim 85: Claim 85 of the '019 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 85 (328:28-56), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful
programming guidance is provided, a person of skill in the art would have to engage a process of
trial and error, perhaps followed by bottom up software development, in order to make and use
the full scope of Claim 85. Claim 85 also fails the enablement requirement in light of the breadth
of the subject matter claimed (e.g. "creating," "copying," "transferring"). The specification does
not teach a person of ordinary skill in the art how to practice the full scope of the claim, and a
person of skill in the art would therefore be required to undertake undue experimentation in order 
to make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 85 fails the enablement and written 
description requirements of 35 U.S.C. § 1 12 1 J. 

Claim 87: Claim 87 is dependent upon Claim 85 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 87 fails because it requires additional undisclosed software. 
Claim 87 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "copied," "protected information"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 89: Claim 89 is dependent upon Claim 85 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 89 fails because it requires additional undisclosed software. 
Claim 89 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "copying," "transferring"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 90: Claim 90 is dependent upon Claim 85 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 90 fails because it requires additional undisclosed software. 
Claim 90 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "memory"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 93: Claim 93 is dependent upon Claim 85 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 93 fails because it requires additional undisclosed software. 
Claim 93 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "copying transferring"). The specification does not teach a person of ordinary skill 
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 94: Claim 94 is dependent upon Claim 85 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 89 fails because it requires additional undisclosed software. 

Claim 95: Claim 95 is dependent upon Claim 94 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 95 fails because it requires additional undisclosed software. 
Claim 95 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "copied," "protected information"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 96: Claim 96 of the '019 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 96 ([illegible]-330:12), both explicitly and 
implicitly require software. Since no software is disclosed in the specification, and no 
meaningful programming guidance is provided, a person of skill in the art would have to engage a 
process of trial and error, perhaps followed by bottom up software development, in order to make 
and use the full scope of Claim 96. Claim 96 also fails the enablement requirement in light of the 
breadth of the subject matter claimed (e.g. "virtual distribution environment," "protected 
information"). The specification does not teach a person of ordinary skill in the art how to 
practice the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 96 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

The '876 Patent 

Claim 2: Claim 2 of the '876 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 2 (319:20-32), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 2. Claim 2 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "means for . . . securely integrating," "value chain extended 
agreement"). The specification does not teach a person of ordinary skill in the art how to practice 
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. For these reasons and for the reasons stated above with respect to all of the claims, 
Claim 2 fails the enablement and written description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 11: Claim 11 is dependent upon Claim 2 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 11 fails because it requires additional undisclosed software. Claim 11 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. 
"Virtual Distribution Environment"). The specification does not teach a person of ordinary skill 
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 29: Claim 29 is dependent upon Claim 2 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 29 fails because it requires additional undisclosed software. Claim 29 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "secure 
control," "required terms"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 32: Claim 32 is dependent upon Claim 2 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 32 fails because it requires additional undisclosed software. Claim 32 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "secure 
control," "required terms"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 60: Claim 60 is dependent upon Claim 2 and thus fails the enablement and 
written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In addition, 
the limitation of Claim 60 fails because it requires additional undisclosed software. Claim 60 also 
fails the enablement requirement in light of the breadth of the subject matter claimed (e.g. "secure 
control," "required terms"). The specification does not teach a person of ordinary skill in the art 
how to practice the full scope of the claim, and a person of skill in the art would therefore be 
required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 130: Claim 130 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 29 fails because it requires additional undisclosed software. 
Claim 29 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means for executing . . . control"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 132: Claim 132 is dependent upon Claim 130 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 132 fails because it requires additional undisclosed software. 
Claim 132 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "protected processing environment"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 161: Claim 161 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 161 fails because it requires additional undisclosed software. 
Claim 161 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "machine executable controls"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 162: Claim 162 is dependent upon Claim 161 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 162 fails because it requires additional undisclosed software. 
Claim 162 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "data descriptor data structures"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 170: Claim 170 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 170 fails because it requires additional undisclosed software. 
Claim 170 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means for creating a first secure control"). The specification does not teach a 
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill 
in the art would therefore be required to undertake undue experimentation in order to make and 
use the invention across the full scope claimed. 

Claim 171: Claim 171 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 171 fails because it requires additional undisclosed software. 
Claim 171 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means for creating . . . secure control"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 172: Claim 172 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 172 fails because it requires additional undisclosed software. 
Claim 172 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means . . . for securely integrating"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 329: Claim 329 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 329 fails because it requires additional undisclosed software. 
Claim 329 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means for creating . . . secure control"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 331: Claim 331 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 331 fails because it requires additional undisclosed software. 
Claim 331 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means . . . for securely integrating," "based on or compatible with . . ."). The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. 

Claim 346: Claim 346 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 346 fails because it requires additional undisclosed software. 
Claim 346 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means by which said third control set governs . . ."). The specification does not 
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person 
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. 

Claim 347: Claim 347 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 347 fails because it requires additional undisclosed software. 
Claim 347 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means by which said third control set governs the execution of at least one 
method"). The specification does not teach a person of ordinary skill in the art how to practice 
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

Claim 349: Claim 349 is dependent upon Claim 2 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 349 fails because it requires additional undisclosed software. 
Claim 349 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "means by which said third control set governs the execution of at least one 
procedure"). The specification does not teach a person of ordinary skill in the art how to practice 
the full scope of the claim, and a person of skill in the art would therefore be required to 
undertake undue experimentation in order to make and use the invention across the full scope 
claimed. 

The '181 Patent 

Claim 48: Claim 48 of the '181 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 48 (48:37-38), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 48. Claim 48 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "narrowcasting selected digital information," "secure node," 
"information derived in part from specified recipient's creation"). The specification does not 
teach a person of ordinary skill in the art how to practice the full scope of the claim, and a person 
of skill in the art would therefore be required to undertake undue experimentation in order to 
make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 48 fails the enablement and written 
description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 59: Claim 59 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 59 fails because it requires additional undisclosed software. 
Claim 59 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 61: Claim 61 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 61 fails because it requires additional undisclosed software. 
Claim 61 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "entertainment information"). The specification does not teach a person of ordinary 
skill in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. 

Claim 63: Claim 63 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 63 fails because it requires additional undisclosed software. 
Claim 63 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "music information"). The specification does not teach a person of ordinary skill in 
the art how to practice the full scope of the claim, and a person of skill in the art would therefore 
be required to undertake undue experimentation in order to make and use the invention across the 
full scope claimed. 

Claim 67: Claim 67 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 67 fails because it requires additional undisclosed software. 
Claim 67 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "digital certificate information"). The specification does not teach a person of 
ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the art 
would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 70: Claim 70 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 70 fails because it requires additional undisclosed software. 
Claim 70 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 72: Claim 72 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 72 fails because it requires additional undisclosed software. 
Claim 72 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 75: Claim 75 is dependent upon Claim 72 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 75 fails because it requires additional undisclosed software. 
Claim 75 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "acceptable clearinghouse," "rights and permissions clearinghouse"). The 
specification does not teach a person of ordinary skill in the art how to practice the full scope of 
the claim, and a person of skill in the art would therefore be required to undertake undue 
experimentation in order to make and use the invention across the full scope claimed. 

Claim 89: Claim 89 is dependent upon Claim 48 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. 

Claim 91: Claim 91 of the '181 patent fails the enablement requirement because 
the specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 91 (86:47-87:4), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 91. Claim 91 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "narrowcasting selected digital information," "secure node," 
"information derived in part from specified recipient entity's creation"). The specification does 
not teach a person of ordinary skill in the art how to practice the full scope of the claim, and a 
person of skill in the art would therefore be required to undertake undue experimentation in order 
to make and use the invention across the full scope claimed. For these reasons and for the reasons 
stated above with respect to all of the claims, Claim 91 fails the enablement and written 
description requirements of 35 U.S.C. § 112 ¶ 1. 

Claim 104: Claim 104 is dependent upon Claim 91 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 104 fails because it requires additional undisclosed software. 
Claim 104 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 109: Claim 109 is dependent upon Claim 91 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 109 fails because it requires additional undisclosed software. 
Claim 109 also fails the enablement requirement in light of the breadth of the subject matter 
claimed. The specification does not teach a person of ordinary skill in the art how to practice the 
full scope of the claim, and a person of skill in the art would therefore be required to undertake 
undue experimentation in order to make and use the invention across the full scope claimed. 

Claim 114: Claim 114 is dependent upon Claim 91 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 114 fails because it requires additional undisclosed software. 
Claim 114 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "clearinghouse acceptable to rightsholders"). The specification does not teach a 
person of ordinary skill in the art how to practice the full scope of the claim, and a person of skill 
in the art would therefore be required to undertake undue experimentation in order to make and 
use the invention across the full scope claimed. 

Claim 117: Claim 117 is dependent upon Claim 114 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. In 
addition, the limitation of Claim 117 fails because it requires additional undisclosed software. 
Claim 117 also fails the enablement requirement in light of the breadth of the subject matter 
claimed (e.g. "rights and permissions clearinghouse"). The specification does not teach a person 
of ordinary skill in the art how to practice the full scope of the claim, and a person of skill in the 
art would therefore be required to undertake undue experimentation in order to make and use the 
invention across the full scope claimed. 

Claim 131: Claim 131 is dependent upon Claim 91 and thus fails the enablement 
and written description requirements of 35 U.S.C. § 112 ¶ 1 for the reasons stated above. 

The '402 Patent 

Claim 1: Claim 1 of the '402 patent fails the enablement requirement because the 
specification does not teach a person of ordinary skill in the relevant arts how to practice the 
purportedly disclosed invention without undue experimentation in the development of enabling 
software. Specifically, several limitations in Claim 1 (322:5-25), both explicitly and implicitly 
require software. Since no software is disclosed in the specification, and no meaningful 
programming guidance is provided, a person of skill in the art would have to engage a process of 
trial and error, perhaps followed by bottom up software development, in order to make and use 
the full scope of Claim 1. Claim 1 also fails the enablement requirement in light of the breadth 
of the subject matter claimed (e.g. "creating," "having associated a first control," "value chain 
extended agreement," "transferring"). The specification does not teach a person of ordinary skill 
in the art how to practice the full scope of the claim, and a person of skill in the art would 
therefore be required to undertake undue experimentation in order to make and use the invention 
across the full scope claimed. For these reasons and for the reasons stated above with respect to 
all of the claims, Claim 1 fails the enablement and written description requirements of 35 U.S.C. 
§ 112 ¶ 1. 

IV. Patent L.R. 3-4 

Each reference identified pursuant to PLR 3-3(a) but not in the prosecution history, 
and the documents referenced in PLR 3-4 that are sufficient to show the operation of the accused 
features of the products specifically and properly identified in InterTrust's PLR 3-1 Statements of 
September 2, 2003, has been or is being produced, or is otherwise available for inspection and 
copying. As set forth in greater detail in Microsoft's Motion to Strike InterTrust's Infringement 
Contentions (filed October 8, 2003), InterTrust's Infringement Contentions pursuant to PLR 3-1 
largely fail to properly identify the "accused instrumentalities." Accordingly, Microsoft reserves 
its right to modify this production, if necessary. Microsoft has specifically sought, and has been 
granted, greater protection and confidentiality for its source code than that provided by Patent 
Local Rule 2-2. Source code for the Accused Instrumentalities is being made available for 
inspection at the offices of Orrick, Herrington & Sutcliffe LLP only in accordance with 
Magistrate James' Order of November 5, 2003. Microsoft does not concede that any source code 
made available for inspection (or any corresponding product or software) is or should be 
considered an Accused Instrumentality. 



Dated: November 17, 2003

WILLIAM L. ANTHONY
ERIC L. WESENBERG
HEIDI L. KEEFE
ORRICK, HERRINGTON & SUTCLIFFE LLP

By: William L. Anthony
Attorneys for Defendant and Counterclaimant
MICROSOFT CORPORATION



MICROSOFT'S PRELIMINARY INVALIDITY CONTENTIONS
C 01-1640 SBA (MEJ)



InterTrust Tech. Corp. v. Microsoft Corp.
Case No. C 01-1640 SBA (MEJ) 



APPENDIX OF PRIOR ART* 











Yes 


Lacy, Jack; Snyder, James; Maher, David; "Music on the Internet and the 
Intellectual Property Protection Problem" 


Y


Yes


"The PowerTV White Paper", powertv.com website, Oct. 11, 1996


Y 


Yes 


Coutrot, Francois; Michon, Vincent; "A Single Conditional Access System for 
Satellite-Cable and Terrestrial TV" IEEE Transactions on Consumer Electronics, 
Vol. 35, No. 3, Aug. 1989


Y 


Yes 


"ISO 8583: Financial transaction card originated messages - Interchange message
specifications", ISO, Dec. 15, 1993


Y 


Yes 


Harty, Kieran; Ho, Linda; "Case Study: The VISA Transaction Processing 
System", May 30, 1988


Y


Yes


U.^. 4,004,0^^; Apr. 22, Jyoo 




Yes 


Denning, Dorothy E.; "Secure Personal Computing in an Insecure Network",
Comm. of the ACM, Vol. 22, No. 8, Aug. 1979




Yes 


Muftic, Sead; "Security Mechanisms for Computer Networks", Computer
Communications and Networking, 1989 


Y 


Yes 


Kim, Gene H.; Spafford, Eugene H.; "The Design and Implementation of Tripwire:
A File System Integrity Checker", COAST Laboratory, Purdue University, Nov.
19, 1993


Y


Yes


Choudhury, Abhijit K.; Maxemchuk, Nicholas F.; Paul, Sanjoy; Schulzrinne,
Henning G.; "Copyright Protection for Electronic Publishing Over Computer
Networks", IEEE Network, May/Jun., 1995




Yes 


Denning, Dorothy E.R.; Cryptography and Data Security, Addison-Wesley
Publishing Company, 1982, Reprinted with corrections, Jan. 1983 




Yes 


Hellman; "Multi-user Cryptographic Techniques" 




Yes 


Diffie, Whitfield; Hellman, Martin E; "New Directions in Cryptography", Stanford
University, 1976 


Y 


Yes 


Kohl, J.; Neuman, C; "The Kerberos Network Authentication Service (V5)", 
Network Working Group RFC 1510, Sep. 1993




Yes 


Diffie, Whitfield; van Oorschot, Paul C; Wiener, Michael J.; "Authentication and
Authenticated Key Exchanges", Sun Microsystems and Bell-Northern Research, 
Mar. 6, 1992 




Yes 


Diffie, Whitfield; "The First Ten Years of Public-Key Cryptography", Proceedings 
of the IEEE, Vol. 76, No. 5, May, 1988 




Yes 


Kohnfelder, Loren M.; "Towards a Practical Public-Key Cryptosystem", May, 
1978 




Yes 


Kaliski, Jr., Burton S.; "A Layman's Guide to a Subset of ASN.1, BER, and DER",
RSA Laboratories Technical Note, 1991, Revised Nov. 1, 1993 


Y 


Yes


"PKCS #7: Cryptographic Message Syntax Standard", RSA Laboratories Technical
Note, Ver. 1.5, Revised Nov. 1, 1993




Yes


Walker, Stephen; "Notes from RSA Data Security Conference", Trusted
Information Systems, Jan. 18, 1994


Y 


Yes


Tygar, J.D.; Yee, Bennet; "Cryptography: It's Not Just for Electronic Mail
Anymore", Carnegie Mellon University Tech. Report CMU-CS-93-107, Mar. 1,
1993




Yes


U.S. 4,658,093; Apr. 14, 1987


Y 


Yes


U.S. 4,405,829; Sep. 20, 1983


Y 


Yes


Schneier, Bruce; Applied Cryptography: Protocols, Algorithms, and Source Code
in C, John Wiley & Sons, Inc., 1994



* Any possible "Y"s that were missed shall not negate the anticipatory nature of a reference, particularly where
there is a chart in Appendix B.







Y 


Yes 


Popek, Gerald J.; Kline, Charles S.; "Encryption and Secure Computer Networks", 
ACM Computing Surveys, Vol. 11, No. 4, Dec. 1979




Yes 


Diffie, Whitfield; Hellman, Martin E; "New Directions in Cryptography", Stanford
University, 1976 




Yes 


Castano, Silvana; Fugini, Mariagrazia; Martella, Giancarlo; Samarati, Pierangela;
Database Security, ACM Press, 1994


Y


Yes


Thuraisingham, M.B.; "Mandatory Security in Object-Oriented Database Systems",
OOPSLA '89 Proceedings, ACM, Oct. 1-6, 1989 


Y 


Yes 


Olivier, Martin S.; von Solms, Sebastiaan H.; "A Taxonomy for Secure Object-
Oriented Databases", ACM Transactions on Database Systems, Vol. 19, No. 1, 
Mar. 1994 


Y 


Yes 


Olivier, M.S.; von Solms, S.H.; "Building a Secure Database Using Self-Protecting 
Objects", Computers & Security, Vol. 11, No. 3, 1992


Y 


Yes 


Olivier, M.S.; von Solms, S.H.; "DISCO: A Discretionary Security Model for 
Object-oriented Databases", IT Security; The Need for International Cooperation, 
Elsevier Science Publishers B.V., 1992 


Y 


Yes 


Olivier, Martin S.; "Secure Object-oriented Databases", Thesis for the degree of
Doctor of Philosophy in Computer Science, Rand Afrikaans University, Dec, 1991 




Yes 


R. Ahad, et al.; IRIS, 1992


Y 


Yes 


ORION l.k.a. ITASCA, MCC-Austin TX & Itasca Corp., 1985-1995 


Y 


Yes 


Olivier, Martin S.; SECDB, 1990-1995 


Y 


Yes 


"THOR: A Distributed Object-Oriented Database System", MIT


Y 


Yes 


Millen, Jonathan K.; Lunt, Teresa F.; "Security for Object-Oriented Database 
Systems", IEEE 0-8186-2825-1; 1992




Yes 


Choy, D.M. et al.; "A Digital Library System for Periodicals Distribution", May
1996 






Mathy, Laurent; "Features of The ACCOPI Multimedia Transport Service",
Lecture Notes in Computer Science, No. 1045, Proc. Of European Workshop
IDMS'96, Mar. 1996;


Y 


Yes 


"Access Control and COpyright Protection for Images Security Technology for 
Graphics and Communication Systems - RACE M1005: ACCOPI", webpage,
Security Projects at Fraunhofer-IGD, 2002;

ACCOPI RACE Project M1005 Warning of ACCOPI web pages removal, UCL
Laboratoire de telecommunications et teledetection






"The Amide Products" web page;


Y 


Yes


"Forum on Technology-Based Intellectual Property Management - Electronic
Commerce for Content", IMA Intellectual Property Proceedings, Vol. 2, Jun. 1996 


Y 


Yes


Van Slype, Georges; "Natural Language Version of the generic CITED model —
Vol. I: Presentation of the generic model, ver. 3.0"; and "Vol. II: CITED usage
monitoring system design for computer based applications, ver. 1.0", Project 5469,
The CITED Consortium, Sep. 6, 1993







Y


Yes


"Technological Strategies for Protecting Intellectual Property in the Networked
Multimedia Environment", IMA Intellectual Property Proceedings, Vol. 1, Issue 1,
Jan. 1994


Y 


Yes 


COPICAT - 8195: "Copyright Ownership Protection in Computer-Assisted
training , cor ivi 1 1 ucc. iyyj t 

Kelman, Alistair; "Electronic Copyright Management: Possibilities and Problems", 
Scientists for Labor Presentation, Nov. 14, 1996


Y 


Yes 


Griswold, Gary N.; "A Method for Protecting Copyright on Networks", IMA
Intellectual Property Proceedings, Vol. 1, Issue 1, Jan. 1994




Yes


Erickson, John S.; "A Copyright Management System for Networked Interactive
Multimedia", Proceedings of the 1995 Dartmouth Institute for Advanced Graduate
Studies, 1995




Yes 


Burns, Christopher; "AAP Draft: Local Access and Usage Controls", Association
of American Publishers Report, Apr. I J, lyyo


Y 


Yes 


Choudhury, A.K.; Maxemchuk, N.F.; Paul, S.; Schulzrinne, H.G.; "Copyright
Protection for Electronic Publishing over Computer Networks", Submitted to IEEE 
Network Magazine, Jun. 1994 




Yes 


Wayner, Peter; Digital Copyright Protection, Academic Press, 1997




Yes 


"Cryptolope Containers Technology: A White Paper", IBM InfoMarket Business 
Development Group 




Yes


"Digital Rights Enforcement and Management: SuperDistribution of Cryptolopes",
IBM




Yes 


Xva|/lall, iVJaXL yv., UDJY1 v^I^pifiUpCi, OupCJ JL/Jili JL'UUVJIJ al Ki U I £. 1 LiiJ r^lguus 
Ma-no Dprrt^nf n TRK4 FV/~ 1QQ< 




Yes 


TP Wrnlc*;hf>n - PIJPTD" M Prntncnl«: and Services Tver IV An Architectural 
Overview", CNI, last update Nov, 20, 1997 


Y 


Yes 


Patent Application EP 0 567 800 A1; Nov. 3, 1993


Y 


Yes 


Sibert, Olin; Bernstein, David; Van Wie, David; "The DigiBox: A Self-Protecting 
Container for Information Commerce", First USENIX Workshop on Electronic
Commerce, Jul. 11-12, 1995 


Y 


Yes 


Willert, Shawn; "Metered PCs: Is your system watching you?; Wave Systems beta 
tests new technology", IDG Communications, Inc. InfoWorld, May 2, 1994 


Y 


Yes 


Weber, Robert; "Metering Technologies for Digital Intellectual Property - A 
Report to the International Federation of Reproduction Rights Organisations", 
International Federation of Reproduction on Rights Organisations, Northeast 
Consulting Resources, Inc., Oct. 1994 


Y 


Yes 


TULIP Final Report, ISBN 0-444-82540-1, 1991, revised Sep. 18, 1996




Yes 


U.S. 5,634,012; May 27, 1997 




Yes 


U.S. 5,715,403; Feb. 3, 1998 




Yes 


U.S. 5,845,281; Dec. 1, 1998 (For Priority, Feb. 1, 1995)


Y


Yes


Brin, Sergey; Davis, James; Garcia-Molina, Hector; "Copy Detection Mechanism
for Digital Documents", Stanford University


Y 


Yes


Weber, Robert; "Digital Rights Management Technologies - A Report to the
International Federation of Reproduction Rights Organisations", Northeast
Consulting Resources, Inc., Oct. 1995














Yes 


Erickson, John S.; "Rights Management Through Enhanced Attribution", Presented 
at INET 96 Proceedings, Jun., 1996 




Yes 


White, James E.; "Telescript: The Foundation for the Electronic Marketplace",
Ver. 5.0, General Magic, Inc., Nov. 30, 1993




Yes 


Ketchpel, Steve P.; Garcia-Molina, Hector; Paepcke, Andreas; "Shopping Models: 
A Flexible Architecture for Information Commerce", Stanford University 




Yes 


Lagoze, Carl; "A Secure Repository Design for Digital Libraries", D-Lib 
Magazine, Dec. 1995 


Y 


Yes 


"Introduction to Smart Cards v. 1.0", Gemplus Card International, Mar. 21, 1991 




Yes 


Abadi, M.; Burrows, M.; Kaufman, C; Lampson, B.; "Authentication and
Delegation with Smart-cards", Digital Equipment Corporation 


Y 


Yes 


Tygar, J.D.; Yee, Bennet; "Dyad: A System for Using Physically Secure 
Coprocessors", IMA Intellectual Property Project Proceedings, Vol. 1, Issue 1, Jan.
1994 




Yes 


St. Johns, M.; "Draft Revised IP Security Option", Network Working Group, RFC 
1038, Jan. 1988 




Yes 


Galvin, J.; McCloghrie, K.; Davin, J.; "SNMP Security Protocols", Network
Working Group RFC 1352, Jul., 1992




Yes 


U.S. 5,163,091; Nov. 10, 1992




Yes


U.S. 5,355,474; Oct. 11, 1994


Y


Yes


U.S. 5,678,170; Oct. 14, 1997




Yes


U.S. 5,765,152; Jun. 9, 1998




Yes 


Shear, Victor; "Solutions for CD-ROM Pricing and Data Security Problems" 




Yes 


Williams, Tony; "Microsoft Object Strategy", Microsoft PowerPoint presentation, 
1990 


Y 


Yes 


"OLE 2.0 Draft Content: Object Linking & Embedding", Microsoft, Jun. 5, 1991 




Yes


"Multimedia System Services Ver. 1.0", Hewlett-Packard, IBM, & SunSoft, 1993




Yes 


Draft "Request for Technology: Multimedia System Services", Ver. 1.1, Interactive 
Multimedia Association Compatibility Project, Oct 16, 1992 




Yes 


"Request for Technology: Multimedia System Services", Ver. 2.0, Interactive 
Multimedia Association Compatibility Project, Nov. 9, 1992 




Yes 


Wobber, Edward; Abadi, Martin; Burrows, Mike; Lampson, Butler; 
"Authentication in the Taos Operating System", Digital Equipment Corporation, 
Dec. 10, 1993 




Yes 


Custer, Helen; Inside Windows NT, Microsoft Press, pages 26-42 and 329-330,
1993 


Y 


Yes 


Dynamic linking of SunOS 


Y 


Yes 


Blaze, Matt, "A Cryptographic File System for Unix", preprint of paper to be 
presented at First ACM Conference on Communications and Computing Security, 
Nov. 3-5, 1993 




Yes


Gamble, Todd; "Implementing Execution Controls in Unix", USENIX Association,
Proceedings of the Seventh Systems Administration Conference (LISA VII), Nov. 
1-5, 1993 







Y 


Yes 


Garfinkel, Simson; Spafford, Gene; Practical Unix Security, O'Reilly & Associates




Yes 


Blaze, Matt; Ioannidis, John; "The Architecture and Implementation of Network-
Layer Security Under Unix", Columbia University and AT&T Bell Laboratories,
1994




Yes 


Sandhu, Ravi S.; "The Typed Access Matrix Model", Proceedings of IEEE
Symposium on Security & Privacy, May 4-6, 1992 




Yes 


Curry, David A.; Unix System Security: A Guide for Users and System
Administrators, Addison-Wesley, 1992


Y 


Yes 


FreeBSD System manager s Manual UDCONFIG , Oct. 3 t 19V J 




Yes 


"Requirements for the Software License Management System", System 
Management Work Group, Rev. 3, Unix International, Jul. 23, 1992


Y 


Yes 


Film canister 


I 


Yes


Safety deposit box 




Yes 


Central Point Anti-Virus, Central Point Software, 1993




Yes


Symantec Anti-Virus for Macintosh (a.k.a. SAM), Symantec, lyyo


Y 


Yes 


VirusCheck and VirusScan, McAfee, 1993 




Yes 


Goodman, Bill; Compactor Pro 




Yes


enigma v.zj 




Yes 


StuffIt Deluxe v. 1.5, v.3.0, v.3.5, Aladdin Systems, 1988-1994


Y 


Yes 


Harris, Jed; Ruben, Ira; "Bento Specification", Rev. 1.0d5, Apple Computer, Jul.
15, 1993 




Yes 


Koenig, Andrew; "Automatic Software Distribution", USENIX Summer
Conference Proceedings, Jun. 12-15, 1984




Yes


Microsoft Internet Explorer v. 2.0




Yes 


Think C: Object-Oriented Programming Manual, Symantec Corporation, 1989






Yes 


Think Pascal User Manual, Symantec Corporation, 1990


Y 


Yes 


Mori, Ryoichi; Kawahara, Masaji; "Superdistribution: The Concept and the 
Architecture", The Transactions of the IEICE, Vol. E 73, No. 7, Jul., 1990 




Yes 


Epstein, Jeremy; Shugerman, Marvin; "A Trusted X Window System Server for 
Trusted Mach", USENIX Association, Mach Workshop, Aug. 30, 1990




Yes 


McCollum, Catherine J.; Messing, Judith R.; Notargiacomo, LouAnna; "Beyond 
the Pale of MAC and DAC -- Defining New Forms of Access Control", IEEE, 1990 




Yes 


Abrams, Marshall D.; "Renewed Understanding of Access Control Policies", 
Proceedings of the 16th Computing National Security Conference, 1993 




Yes 


Blaze, Matt; Feigenbaum, Joan; Lacy, Jack; "Decentralized Trust Management", 
Proc. IEEE Conference on Security and Privacy, May 1996


Y 


Yes 


Chaum, David; "Achieving Electronic Privacy", Scientific American, Aug. 1992




Yes 


UniverCD: The interactive, online library of product information from Cisco
Systems, Cisco Systems, 1993


Y 


Yes


DCE 




- : 


Fine, Todd; Minear, Spencer E.; "Assuring Distributed Trusted Mach", Secure
Computing Corporation 




Yes


U.S. 5,412,717; May 2, 1995












Yes 


Fugini, M.G.; Zicari, R.; "Authorization and Access Control in the Office-Net 
System", Computer Security in the Age of Information, DTP, 1989




Yes 


Abadi, M.; Burrows, M.; Lampson, B.; Plotkin, G.; "A Calculus for Access Control
in Distributed Systems", Digital Equipment Corporation, Feb. 28, 1991, revised
Aug. 28, 1991




Yes 


Lampson, Butler; Abadi, Martin; Burrows, Michael; Wobber, Edward;
"Authentication in Distributed Systems: Theory and Practice", Digital Equipment
Corporation, 1992




Yes 


Rivest, Ronald L.; Lampson, Butler; "SDSI - A Simple Distributed Security 




Yes


Thompson, Victoria P.; Wentz, F. Stan; "A Concept for Certification of an Army
MLS Management Information System", Proceedings of the 16th National
Computer Security Conference, Sep. 20-23, 1993




Yes 


Frederick, Keith P.; "Certification and Accreditation Approach", Air Force 


Y 


Yes


PCT Application WO 96/27155; Published Sep. 6, 1996 




Yes


it c < gin Q87- Tmi ft 1999 


Y 


Yes 


Rozenblit, Moshe; "Secure Software Distribution", IEEE 0-7803-1811-0/94, 1994


Y


Yes


Stefik, Mark; Internet Dreams: Archetypes, Myths, and Metaphors, "Letting Loose
the Light: Igniting Commerce in Electronic Publication", The MIT Press, 1996




Yes


AT&T PersonaLink (Before Feb. 13, 1995)






Neuman, B. Clifford; "Proxy-Based Authorization and Accounting for Distributed
Systems", Proceedings of the 13th Int'l Conference on Distributed Computing
Systems, May 1993


Y 


Yes 


Tygar, J.D.; Yee, Bennet S.; (R. Rashid, ed.); "Strongbox; A System for Self- 
Securing Programs" 




Yes 


Yee, Bennet; Tygar, J.D.; "Secure Coprocessors in Electronic Commerce 
Applications", Proceedings of the First USENIX Workshop on Electronic
Commerce, Jul. 1995 




Yes 


U.S. 4,278,837; Jul. 14, 1981 




Yes 


U.S. 3,806,874; Apr. 23, 1974 


Y 


Yes 


U.S. 4,748,561; May 31, 1988 


V 


Yes 


U.S. 4,796,220; Jan. 3. 1989 




Yes 


U.S. 4,817,140; Mar. 28, 1989


Y 


Yes 


U.S. 4,866,769; Sep. 12, 1989 


Y 


Yes 


U.S. 5,014,234; May 7, 1991 


Y 


Yes 


U.S. 5,113,518; May 12, 1992 




Yes 


U.S. 5,204,897; Apr. 20, 1993 




Yes 


U.S. 5,218,605; Jun. 8, 1993 


Y 


Yes 


U.S. 5,260,999; Nov. 9, 1993 


Y 


Yes 


U.S. 5,291,598; Mar. 1, 1994


Y 


Yes 


U.S. 5,337,357; Aug. 9, 1994




Yes 


U.S. 5,421,006; May 30, 1995




Yes 


U.S. 5,438,508; Aug. 1, 1995




Yes 


U.S. 5,490,216; Feb. 6, 1996 


Y 


Yes 


U.S. 5,603,031; Feb. 11, 1997







Yes 



U.S. 5,692,047; Nov. 25, 1997



Yes 



U.S. 5,724,425; Mar. 3, 1998



Yes 



U.S. 5,940,504; Aug. 17, 1999



Yes 



U.S. 5,978,484; Nov. 2, 1999 



Yes 



U.S. 6,016,393; Jan. 18, 2000



Yes 



Woo, Thomas Y.C.; Lam, Simon S.; "A Framework for Distributed Authorization" 
1st Conf. Computer & Comm. Security, ACM, Nov., 1993



Yes 



Sandhu, Ravi S.; Suri, Gurpreet S.; "Implementation Considerations for the Typed
Access Matrix Model in a Distributed Environment", Proc. Of the 15th National 
Computer Security Conference, Oct. 1992 



Yes 



O'Conner, Mary Ann; "New Distribution Options for Electronic Publishers: iOpener
Data Encryption and Metering System for CD-ROM Use", CD-ROM Professional, 
Vol 7, No. 2, ISSN 1409-0833, Mar. 1994 



Yes 



Herzberg, A; Karmi, G; "On Software Protection", Proceedings of the 4th 
Jerusalem Conference on Information Technology (JCIT), IEEE Computer Society
Press, Apr. 1984 



Yes 



Smith, Mary Grace; Weber, Robert; "A New Set of Rules for Information 
Commerce: Rights-Protection Technologies and Personalized-Information
Commerce Will Affect All Knowledge Workers", Communications Week, Nov. 6,
1995



Yes 



DOD "Rainbow Series"



Yes 



Rosenthal, Doug; "EINet: A Secure, Open Network for Electronic Commerce" 
IEEE, 1994 



Yes 



Patent Application EP 0 367 700 A2; May 9, 1990 



Yes 



Hauser, R.; Bauknecht, K.; "LTTP Protection - A Pragmatic Approach to 
Licensing", Institut für Informatik, Universität Zürich, Jan. 13, 1994



Yes 



"Multimedia Mixed Object Envelopes Supporting a Graduated Fee Scheme via
Encryption"; IBM Technical Disclosure Bulletin, Vol. 37, No. 3, Mar. 1994 



Yes 



Cox, Brad; "No Silver Bullet Revisited", American Programmer Journal, Nov. 1995



Yes 



"Privacy and the NII: Safeguarding Telecommunications-Related Personal
Information", U.S. Dept. of Commerce, Oct 1995 



Yes 



Joseph Ebersole, Protecting Intellectual Property Rights on the Information 
Superhighways, Mar. 1994 



Yes 



Herzberg, Amir; Pinter, Shlomit S.; "Public Protection of Software", ACM
Transactions on Computer Systems, Vol. 5, No. 4, Nov. 1987 



Yes 



Hickman, Kipp E.B.; SSL 2.0 Protocol Specification



Yes 



Gosler, James; "Software Protection: Myth or Reality", Lecture Notes in Computer
Science, Advances in Cryptology - Crypto '85 Proceedings, 1985 



Yes 



Aucsmith, David; "Tamper Resistent Software: An Implementation", IAL 



Yes 



U.S. Patent No. 5,671,279; Sept. 23, 1997



Yes 



Kahn, Robert; Wilensky, Robert; "A Framework for Distributed Digital Object 
Services", Corporation for National Research Initiatives, May 13, 1995



Yes 



Gasser, Morrie; Goldstein, Andy; Kaufman, Charlie; Lampson, B; "The Digital
Distributed System Security Architecture", Proceedings of 1989 National 
Computer Security Conference, 1989 












Y


Yes


Neuman, B. Clifford; Ts'o, Theodore; "Kerberos: An Authentication Service for
Computer Networks", IEEE Communications Magazine, Sep. 1994




Yes 


Reiher, Peter; Page, Jr., Thomas; Popek, Gerald; Cook, Jeff; Crocker, Stephen;
"Truffles - Secure File Sharing With Minimal System Administrator Intervention",
UCLA, Trusted Information Systems 


Y 


Yes 


Reiher, Peter; Page, Jr., Thomas; Popek, Gerald; Cook, Jeff; Crocker, Stephen; 
"Truffles - A Secure Service for Widespread File Sharing", UCLA, Trusted 
Information Systems


I 


Yes 


"ISO, Open Systems Interconnection: Security Architecture, ISO 7498/1", 1988 


Y 


Yes 


"ISO, Open Systems Interconnection: Security Architecture, ISO 7498/2", ISO, 
1988 




Yes 


U.S. 5,222,134; Jun. 22, 1993 




Yes 


Rindfrey, Jochen; "Security in the World Wide Web", Fraunhofer Institute for
Computer Graphics, Dec. 1996 




Yes 


Finin, Tim; Fritzson, Rich; McKay, Don; "A Language and Protocol to Support 
Intelligent Agent Interoperability", Proceedings of the CE & CALS Washington '92
Conference, Apr. 1992 


Y 


Yes 


Winslett, Marianne; Smith, Kenneth; Qian, Xiaolei; "Formal Query Languages for
Secure Relational Databases", ACM Transactions on Database Systems, Vol. 19, 
No. 4, Dec. 1994 




Yes 


Jones, V.E.; Ching, N.; Winslett, M.; "Credentials for Privacy and Interoperation",
University of Illinois at Urbana-Champaign 




Yes 


Greenwald, Steven J.; Newman-Wolfe, Richard E.; "The Distributed Compartment
Model for Resource Management and Access Control", Technical Report Number 
TR94-035, The University of Florida, Oct. 1994 


Y 


Yes 


Moffett, Jonathan D.; "Delegation of Authority Using Domain-Based Access 
Rules", thesis, Imperial College of Science, Technology & Medicine, University of 
London, Jul., 1990 


Y 


Yes 


Lagoze, Carl; McGrath, Robert; Overly, Ed; Yeager, Nancy; "A Design for Inter-
Operable Secure Object Stores (ISOS)", Cornell University, NCSA, CNRI, Nov. 7, 
1995 




Yes 


Aharonian, Gregory; "Software Patents - Relative Comparison of EPO/PTO/JPO 
Software Searching Capabilities", Source Translation & Optimization 




Yes 


Gaster, Jens L.; "Authors' Rights and Neighbouring Rights in the Information 
Society", DG XA7E/4, European Commission 




Yes


"Europe and The Global Information Society Recommendations to the European
Council", Bangemann Report, www.medicif.org web pages, Global Information
Society, May, 26, 1994 




Yes


Bernstein, David; Lenowitz, Erwin; "Copyrights, Distribution Chains, Integrity, and 
Privacy: The Need for a Standards- Based Solution", Electronic Publishing 
Resources 




Yes


Rubin, A.D.; Honeyman, P.; "Long Running Jobs in an Authenticated
Environment", CITI Technical Report 93-1, Center for Information Technology
Integration, Mar. 29, 1993




Yes


Sammer, Peter; Ausserhofer, Andreas; "New Tools for the Internet", Joanneum
Research, Graz University of Technology 







Yes 



Eizenberg, Gerard, "Contribution of Information Technology Security to 
Intellectual Property Protection", CERT-DERI 



Yes 



Antonelli, C.J.; Doster, W.A.; Honeyman, P.; "Access Control in a Workstation-
Based Distributed Computing Environment", CITI Technical Report 90-2, Jul. 17,
1990 



Yes 



Lord, S.P.; Pope, N.H.; Stepney, Susan; "Access Management in Multi-
Administration Networks", IEE 2nd International Conference on Secure
Communication Systems, 1986



Yes 



Stepney, Susan; Lord, Stephen P.; "Formal Specification of an Access Control 
System", Software-Practice and Experience, Vol. 17(9), 1987



Yes 



Brunnstein, Klaus; Sint, Peter P.; "Intellectual Property Rights and New 
Technologies", Proceedings of the KnowRight'95 Conference, Aug. 1995



Yes 



Rubin, A.D.; Honeyman, P.; "Formal Methods for the Analysis of Authentication 
Protocols CITI Technical Report 93-7", Center for Information Technology
Integration, Nov. 8, 1993



Yes 



Lexis/WestLaw 



Yes 



U.S. 6,135,646; Oct. 24, 2000 



Yes 



Bishop, Matt; "Privacy-Enhanced Electronic Mail", Privacy and Security Research
Group, IAB 



Yes 



Kim, Won; Ballou, Nat; Chou, Hong-Tai; Garza, Jorge R; Woelk, Darrell;
"Features of the ORION Object-Oriented Database System"



Yes 



"Key Management Using ANSI X9.17", Federal Information Processing Standards
Publication 171, U.S. Department of Commerce, Apr. 27, 1992 



Yes 



"S/PAY: RSA's Developer's Suite for Secure Electronic Transactions (SET)", RSA
Data Security, Inc., 1997



Yes 



Perlman, Bill; "A Working Anti-Taping System for Cable Pay-Per-View", IEEE 
Trans. On Consumer Electronics, Vol. 35, No. 3, Aug. 1989



Yes 



Organick, Elliott I.; "The Multics System; An Examination of Its Structure", MIT 
Press, 1972



Yes 



Cina Jr., Vincent J.; White, Star R.; Comerford, Liam; "ABYSS: A Basic
Yorktown Security System PC Software Asset Protection Concepts", IBM 
Research Report Number RC 12401, IBM Thomas J. Watson Research Center, 
Dec. 18, 1986 



Yes 



White, Steve R.; Comerford, Liam; "ABYSS: An Architecture for Software 
Protection", IEEE Transactions on Software Engineering, Vol. 16, No. 6, Jun. 1990



Yes 



Davies, D.W.; Price, W.L.; Security for Computer Networks, John Wiley & Sons,
1984 



Yes 



"MSDN - INF: LAN Manager 2.1 Server Autotuning (Part 2)", PSS ID Number
Q80078, Microsoft, Feb. 1993 



Yes 



"MSDN - License Service Application Programming Interface", API Specification
v1.02, Microsoft, Jan. 1993














Yes 


11 lid I Villi \Jllal 1JI11 flOU LU»t UJ C» iJUJilU OI UO i OJ ■ W ■ 

IISP Need #31 - Containers or Secure Packaging; 
IISP Need #32 - Authentication of Content;
IISP Need #33 - Control Enforcement;
IISP Need #34 - Billing and Payment;
IISP Need #35 - Reporting",
ANSI Online, Sept. 18, 1995


r 


Yes


"Cryptographic API Specification", Version 0.6, Microsoft, Mar. 1995




Yes 


Everett, David B.; "Smart Card Tutorial - Part 1", Sep. 1992 


Y


Yes


Paradinas, Pierre; Vandewalle, Jean-Jacques; "New Directions for Integrated
Circuit Cards Operating Systems"


Y


Yes


rlauser, XaJi; i,ontroj oi iniorrnauOD i^isuiDuuon ana ftcccii , *^i*>*>d wuuh 
W jrt sc n at ts wi s sense nai in cnen rax ui tat L/cr universnai ^.uricn, iviay ji, 




Yes


Rindfrey, Jochen; "Towards an Equitable System for Access Control and Copyright
Protection in Broadcast Image Services: The Equicrypt Approach", Fraunhofer 
Institute for Computer Graphics 




Yes 


weilS. KOD, WuySSey OI r jasiic x urcnasc. z.v/*ocvlwu jvuuiju x ny* nsswioiM* 
Press, Dec. i yy5 




Yes 


*DA.r<mAnt Qnrta.mr- CtrntAnic f~*\\r\*/~*e -f r\r iVla r* i l t~i I TT » t Ki Tc P^parfn Institute 

raynicni oYSierns. oiraieEJC i^noiccs ior mc ruiujc, xuuiuii ixc-oc-«j ^» nuuiuii., 

T » It )t t A A^iinnr«/) QnririArO CiPCtAmc XJ i tor nl 1 r / T 1 C*t 1 -* 




Yes 


"UTTT M.tiuritV r>i»-» PnMr 1QQ7 "P/^iiiort" "RanV Nf»tu/nrV Nrvw Vnl 11 No. 13. 

ktai* i ocy> 




Yes


" AtnAn'r^n Mo t i r\no 1 ^t**ri/?ftr*1* ^Tif^r ifir at irrn for PlTiflnfMsl \^P^<;ape Exchange 

.American iNSijouai oLaiKiaru. opm.iiji,duuij i wi j uwulkii iti^do^ ^ alhuj o 
ueiween t^aru /\ccepior auu /^ccjuijcj, a^.ij , xuijcijuau i-> oiltv^-j ^ nssu\»iauwi*, 
i oon 




Yes 


"ISO 7813-1987 Identification Cards - Financial Transaction Cards", ISO, 1987 


Y


Yes


MSDN Issue: Summer 1992; Vol. No.: 0 (Beta); 1 Disk, Microsoft, 1992


Y


Yes 


MSDN Issue: Sep. 1992; Vol. No.: 1; 1 Disk, Microsoft, Sep. 1992 


Y 


Yes 


MSDN Issue: Jan 1993; Vol. No. 2; 1 Disk, Microsoft, Jan. 1993 


Y 


Yes 


MSDN Issue: Apr. 1993; Vol. No. 3; 1 Disk, Microsoft, Apr. 1993


Y 


Yes 


MSDN Issue: Summer 1993; Vol. No. 4; 1 Disk, Microsoft, Jul. 1993 


Y 


Yes 


MSDN Issue: Fall 1993; Vol. No. 5; 1 Disk, Microsoft, Oct. 1993 


Y 


Yes 


MSDN Issue: Winter 1994; Vol. No. 6; 1 Disk, Microsoft, Jan. 1994


Y 


Yes 


MSDN Issue: Apr. 1994; Vol. No. 7; 1 Disk, Microsoft, Apr. 1994 


Y


Yes 


MSDN Issue: Jul. 1994; Vol. 8; 1 Disk, Microsoft, Jul. 1994 


Y 


Yes 


MSDN Issue: Oct 1994; Vol. 9; 1 Disk, Microsoft, Oct 1994


Y 


Yes 


MSDN Issue: Jan 1995; Vol. 10; 1 Disk, Microsoft, Jan. 1995 


Y 


Yes 


MSDN Issue: Apr. 1995; Vol. 11; 1 Disk, Microsoft, Apr. 1995


Y 


Yes 


MSDN Issue: Jul. 1995; Vol. 12; 1 Disk, Microsoft, Jul. 1995


Y


Yes 


MSDN Issue: Oct. 1995; Vol. 13; 1 Disk, Microsoft, Oct. 1995 


Y 


Yes 


MSDN Issue: Jan 1996; Vol. 14; 2 Disks, Microsoft, Jan. 1996


Y 


Yes 


MSDN Issue: Apr. 1996; Vol. 15; 2 Disks, Microsoft, Apr. 1996 


Y 


Yes 


MSDN Issue: Jul. 1996; Vol. 16; 1 Disk, Microsoft, Jul. 1996 


Y 


Yes 


MSDN Issue: Oct 1996; Vol. 17; 2 Disks, Microsoft, Oct 1996 


Y 


Yes 


MSDN Issue: Jan 1997; Vol. 18; 2 Disks, Microsoft, Jan. 1997 


Y 


Yes 


MSDN Issue: 16-Bit Archive 1997; Vol NA; 1 Disk, Microsoft, Jan. 1997 







Y 


Yes 


MSDN Issue: Apr. 1997; Vol. No. 20; 2 Disks, Microsoft, Apr. 1997


Y 


Yes 


MSDN Issue: Jul. 1997; Vol. No. 21; 2 Disks, Microsoft, Jul. 1997


Y 


Yes 


MSDN Issue: Oct 1997; Vol. No. 24; 2 Disks, Microsoft, Oct 1997 


Y 


Yes 


MSDN Issue: Visual Studio 1997; Vol. No. 191; 1 Disk, Microsoft, 1997


Y 


Yes 


MSDN Issue: Jan. 1998; Vol. No. 27; 2 Disks, Microsoft, Jan. 1998


Y 


Yes 


MSDN Issue: Apr. 1998; Vol. No. 30; 2 Disks, Microsoft, Apr. 1998 


Y 


Yes 


MSDN Issue: Jul. 1998; Vol. No. 33; 3 Disks, Microsoft, Jul. 1998


Y 


Yes 


MSDN Issue: Oct 1998; Vol. No.: None; 3 Disks, Microsoft, Oct. 1998


Y 


Yes 


MSDN Issue: Jan 1999; Vol. No.: None; 3 Disks, Microsoft, Jan. 1999 


Y 


Yes 


MSDN Issue: Apr. 1999; Vol. No.: None; 3 Disks, Microsoft, Apr. 1999 


Y 


Yes 


MSDN Issue: Jul. 1999; Vol. No.: None; 3 Disks, Microsoft, Jul. 1999


Y 


Yes 


MSDN Issue: Oct. 1999; Vol. No.: None; 3 Disks, Microsoft, Oct. 1999


Y 


Yes 


Chaum, David: Smart Card 2000, Selected Papers from the Second International
Smart Card 2000 Conference, Oct. 4-6, 1989


Y 


Yes 


CD Jukebox




Yes 


U.S. Patent No. 4,926,480; May 15, 1990




Yes 


U.S. Patent No. 4,529,870; Jul. 16, 1985 




Yes 


Meyer, Carl H.; Matyas, Stephen M.: Cryptography: A New Dimension in
Computer Security, John Wiley & Sons, New York, 1982 




Yes 


"Interchange Message Specification for Debit and Credit Card Message Exchange 
Among Financial Institutions", American National Standard, Accredited Standards

NOTICE OF MOTION

Pursuant to Fed. R. Civ. P. 56(b) and 35 U.S.C. § 102(b), Defendant Microsoft
Corporation ("Microsoft") respectfully moves for Partial Summary Judgment of Invalidity of the
Asserted Claims of U.S. Patent No. 5,892,900. This motion is noticed for March 30, 2004 at 1:00
p.m. and is based upon this Notice and Memorandum of Points and Authorities, the Declaration
of Eric Wesenberg and exhibits thereto. Pursuant to the Court's Standing Order, Microsoft met
and conferred with counsel for InterTrust prior to filing this motion. Declaration of Eric L.
Wesenberg in Support of Microsoft's Motion for Partial Summary Judgment of Invalidity of the
Asserted Claims of the '900 Patent at ¶ 6.

MEMORANDUM OF POINTS AND AUTHORITIES 
I. INTRODUCTION 

Microsoft moves for summary judgment of invalidity of claims 155, 156, and 157
of U.S. Patent No. 5,892,900 ("the '900 Patent"), pursuant to 35 U.S.C. § 102(b), based on the
anticipatory disclosure of the prior art U.S. Patent No. 5,113,518 ("the Durst Patent" or "the Durst
reference"). The Durst Patent issued more than one year prior to August 12, 1996, the priority
date InterTrust claims for the '900 Patent, and discloses every limitation of claims 155, 156 and
157 of that patent. InterTrust did not cite Durst during the prosecution of the '900 Patent and,
therefore, the examiner did not take it into consideration in examining the claims that are
challenged herein. Granting this motion will render claims 155, 156 and 157 of the '900 Patent
invalid, simplifying this case by disposing of that patent altogether (these are the only '900 claims
asserted by InterTrust). This will eliminate the need for the jury to learn and understand (i) the
'900 Patent as a whole, (ii) the machine signature programming these claims represent, (iii) the
details of over 100 infringement arguments that are unique to these claims, and (iv) product
activation technology altogether, as there would be no claims asserted against such product
activation technology remaining in the case.
II. LEGAL STANDARD 

A. Legal Standard For Summary Judgment 

The Federal Circuit has repeatedly emphasized that "[s]ummary judgment is as
appropriate in a patent case as in any other." See Avia Group International, Inc. v. L.A. Gear
California, Inc., 853 F.2d 1557, 1561 (Fed. Cir. 1988); Spectra Corp. v. Lutz, 839 F.2d 1579,
1581 n. 6 (Fed. Cir. 1988); Brenner v. United States, 773 F.2d 306, 307 (Fed. Cir. 1985).
"Where no genuine issue of material fact remains and the movant is entitled to judgment as a
matter of law, the court should utilize the salutary procedure of Fed. R. Civ. P. 56 to avoid
unnecessary expense to the parties and wasteful utilization of the jury process and judicial
resources." Barmag Barmer Maschinenfabrik AG v. Murata Machinery, Ltd., 731 F.2d 831, 835
(Fed. Cir. 1984); Brassica Protection Products LLC v. Sunrise Farms (In re Cruciferous Sprout
Litig.), 301 F.3d 1343, 1346 (Fed. Cir. 2002) ("Summary judgment is appropriate when there is no
genuine issue of material fact and the moving party is entitled to judgment as a matter of law.").

Summary judgment is warranted when the moving party has demonstrated that 
there is no genuine issue as to any material fact and the moving party is entitled to a judgment as 
a matter of law. See Fed. R. Civ. P. 56(c). A fact is material if it 

"might affect the outcome of the suit under the governing law." 
Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). "With 
respect to whether there is a genuine issue, the court may not 
simply accept a party's statement that a fact is challenged. 
(Citations omitted). The party opposing the motion must point to 
an evidentiary conflict created on the record at least by a counter 
statement of a fact or facts set forth in detail in an affidavit by a 
knowledgeable affiant. Mere denials or conclusory statements are 
insufficient." 

Barmag, 731 F.2d at 835-36. 

B. Legal Standard For Patent Invalidity 

1. Requirements of 35 U.S.C. § 102(b)

A party challenging the validity of a patent claim has the burden of showing
invalidity by clear and convincing evidence. Brassica, 301 F.3d 1343, 1349 (Fed. Cir. 2002).
Microsoft moves for summary judgment of invalidity based on 35 U.S.C. § 102(b), which states
that an individual is not entitled to a patent if their claimed invention "was patented or described
in a printed publication in this or a foreign country ... more than one year prior to the date of the
application for patent in the United States." 35 U.S.C. § 102(b). Summary judgment should be
granted where the defendant demonstrates that each element of the challenged claim is disclosed
in a single prior art reference. See id.; Brown v. 3M, 265 F.3d 1349, 1354 (Fed. Cir. 2001).

The Durst Patent was filed on June 3, 1988 and issued on May 12, 1992.
InterTrust claims a priority date of August 12, 1996 for the '900 Patent. The Durst Patent issued
more than four years before the purported effective filing date of the '900 Patent and thus
indisputably is prior art to the '900 Patent. Also, as will be shown below, its specification
discloses all elements of claims 155, 156 and 157 of the '900 Patent. The Durst reference is
therefore invalidating prior art under 35 U.S.C. § 102(b), as the purported invention of claims
155-157 "was ... described in a printed publication in this ... country ... more than one year prior
to the date of the application for patent in the United States" for the '900 Patent.

2. Presumption of Enablement 

In addition to preceding the challenged patent claims by more than one year and
disclosing all of the claim elements, an anticipatory reference must enable one of skill in the art to
reduce the disclosed invention to practice. Amgen Inc. v. Hoechst Marion Roussel, Inc., 314 F.3d
1313, 1354 (Fed. Cir. 2003). As an issued U.S. patent, the Durst reference carries a presumption
that it is enabling, even as to the unclaimed material in its disclosure. Id. at 1355 ("We hold that
an accused infringer should be ... entitled to have the district court presume the enablement of
unclaimed (and claimed) material in a prior art patent defendant asserts against a plaintiff"). It is
InterTrust's burden to overcome the presumption of enablement by bringing forward evidence of
non-enablement. Id.

III. ARGUMENT 

A. Overview of the Challenged Claims and the Durst Patent 
1. Claims 155, 156 and 157 of the '900 Patent 

Claims 155, 156 and 157 of the '900 Patent each claim the same device, differing 
from each other only with regard to the final element: 





Claim Language

A virtual distribution environment comprising
a first host processing environment comprising

(hardware)

a central processing unit;
main memory operatively connected to said central processing unit;
mass storage operatively connected to said central processing unit and
said main memory;
said mass storage storing tamper resistant software designed to be loaded
into said main memory and executed by said central processing unit,

(software)

said tamper resistant software comprising:

machine check programming which derives information from one or
more aspects of said host processing environment,

one or more storage locations storing said information;

integrity programming which causes said machine check programming to
derive said information, compares said information to information
previously stored in said one or more storage locations, and
generates an indication based on the result of said comparison; and

programming which takes one or more actions based on the state of said
indication;

said one or more actions including ...

Claim 155

... at least temporarily halting further processing.

Claim 156

... at least temporarily disabling certain functions.

Claim 157

... displaying a message to the user.



The claimed device consists of a virtual distribution environment ("VDE") made up of a host 
processing environment ("HPE") comprising standard personal computer hardware - a central 
processing unit ("CPU"), main memory (e.g., RAM) and mass storage (e.g., disk drive) - 
operationally connected to each other so that each can perform its familiar function. The mass 
storage stores software capable of being loaded into main memory and executed by the CPU. 

The claimed software has three aspects: (i) machine check programming, which
derives information from one or more aspects of the HPE and stores it in one or more storage
locations; (ii) integrity programming, which activates the machine check programming to derive
the same information and compares it to the information previously stored; and (iii) programming
that takes one or more actions depending on the result of the comparison. As will be shown
below, the claim elements make out a programming structure that the Durst reference disclosed
more than four years before the '900 Patent application was filed.

Before engaging in an element-by-element comparison, it is useful to look at the
claims as a whole. The specification of the '900 Patent provides context and sheds light on the
purpose and function of the claimed purported invention. Programming that derives information
about a system, compares it to previously stored, similar information, and takes protective action
based on that comparison is well-known in the art - the derived, stored information is often called
a "machine signature." The '900 specification contains a discussion of machine signatures that
discloses program features corresponding to those of claims 155-57.

The disclosed "machine signature" technique involves two programming modules:
the "installation materials" and the "operational materials":

The installation materials 3470 may be executed by computer 3372 to 
install the operational materials 3472 onto the computer's hard disk 
3376. The computer 3372 may then execute the operational materials 
3472 from its hard disk 3376 to provide software-based protected 
processing environment 650 and associated software-based tamper 
resistant barrier 672. 

'900 Patent, 231:25-31. 

The installation materials derive a machine signature from the electronic appliance
and embed that signature into the operational materials. Then, when the operational materials are
initialized on an appliance, they derive the machine signature of the appliance and compare it to
the embedded signature:

Correspondence Between Installed Software and Appliance
"Signature"

Another technique that may be used during the installation routine 
3470 is to customize the operational materials 3472 by embedding a 
"machine signature" into the operational materials to establish a 
correspondence between the installed software on a particular 
electronic appliance 600 (FIG. 69C, block 3470(7)). This technique 
prevents a software-based PPE 650 from being transferred from one 
electronic appliance 600 to another (except through the use of the 
appropriate secure, verified backup mechanism).

For electronic appliances 600 where it is feasible to do so, the 
installation procedure 3470 may determine unique information about 
the electronic appliance 600 (e.g., a "signature" SIG in the sense of a 
unique value-not necessarily a "digital signature" in the cryptographic 
sense). Installation routine 3470 embeds the electronic appliance 
"signature" SIG in the installed operational materials 3472. Upon 
initialization, the operational materials 3472 validate the embedded 
signature value against the actual electronic appliance 600 signature 
SIG, and may refuse to start if the comparison fails.

'900 Patent, 239:4-25. This language is followed by a description of how various machine
parameters can be used to generate signatures. Id., 239:26-240:42. To summarize, the
installation programming embeds a machine signature in the "PPE" ("Protected Processing
Environment") software, which embedded signature is validated each time the PPE is initialized
by comparing it to the machine signature of the current machine. If the two signatures do not
match, reflecting that the PPE software has been transferred to a different unauthorized machine,
the PPE refuses to start.

2. The Durst Reference - Overview

The Durst Patent, titled "Method and System for Preventing Unauthorized Use of
Software," discloses the same arrangement, functioning in the same manner, with the same
elements. The Durst system also has the same purpose as the claimed '900 Patent's system - to
prevent the use of software on an unauthorized computer. The abstract of the Durst Patent
succinctly captures its close similarity to the apparatus in claims 155-157 of the '900 Patent:

A technique is disclosed for preventing a computer program from
being used by a computer system other than a designated system. The
values of certain characteristics exhibited by the designated computer
system first are stored, and then the values of those same
characteristics exhibited by the computer system which is intended to
use the computer program are measured and compared to the stored
values. If the compared values are substantially the same, the
computer program may be executed. However, if they are different,
the computer system which was intended to use the program is
inhibited from executing that program.

And, just as in the '900 Patent, Durst discloses embedding the machine signature in the software 
itself. Durst, 26:14-21; 27:11-13. The sections that follow show in detail that Durst discloses 
each and every element of these three '900 Patent claims. 
3. The System Environment 

The three '900 Patent claims first recite the computing context in which the 
programming operates. These basic elements are as follows: 



Claim 
Language 



A virtual distribution environment comprising 



Motion for Partial Summary Judgment and Construing "Mini-Markman Claims" ("Markman
Order"), July 3, 2003, at 55. 1 Therefore, the Durst reference need not disclose it as such. 2

Claim

Language 



a first host processing environment comprising 



The Court has defined "host processing environment" ("HPE") to mean
"capabilities available to a program running on a computer or other device or to the user of a
computer or other device," which, "[d]epending on the context ... may be in a single device (e.g.,
a personal computer) or may be spread among multiple devices (e.g., a network)." Markman
Order, at 45. There is a further distinction between a non-secure HPE and a secure HPE, the
latter having two additional features: its "processing and/or data is at least in part protected from
tampering," and it incorporates "software-based security." Id.

The Durst reference discloses "HPEs" of both types. First, the Durst reference
discloses that its technology is to be used within a computer system. Durst, Fig. 1, and 5:60-64.
Second, the software is "tamper-resistant" ("make[s] tampering more difficult and/or allow[s]
detection of tampering," Markman Order, at 51). Durst discloses an embodiment in which the
machine signature is itself stored within the software in encrypted form and can thereafter be
altered only with a password provided by the manufacturer. In this embodiment, the
manufacturer will first confirm that the customer has modified the system hardware and is
authorized to receive a new password. Durst, 26:14-21; 27:11-13; 28:6-27. Additionally, the
software may be programmed to change the encrypted key after re-recording the machine
signature so that each password may be used only once. Durst, 28:3-27. The encryption makes it
more difficult to tamper with the machine signature, which is both part of the software's code and
central to its authorization functions.



1 The same would presumably apply to the VDE element of claims 156 and 157, which employ
the term "VDE" in exactly the same fashion as claim 155 and which are otherwise almost 
identical to claim 155. 

2 Microsoft maintains its argument that "VDE" is the "present invention" identified in the '900 
Patent ('900 Patent, 2:19-32), and that the asserted claims are invalid for lack of written 
description (35 U.S.C. § 112), non-enablement and are not infringed.

Finally, the system described in Durst incorporates "software-based security." The
Court has construed "secure" to mean employing "[o]ne or more mechanisms . . . that prevent or
discourage . . . misuse of or interference with information or processes for the purpose of
discouraging and/or avoiding harm," which mechanisms may include "tamper resistance" and
"authentication," the latter separately defined to mean "[i]dentifying (e.g., a ... device ...)
[including] uniquely identifying." The software contains both the encryption tamper-resistance
feature described above, and authentication - programming that creates and uses machine
signatures to uniquely identify hardware and thereby prevent unauthorized use of the software.
Inasmuch as both of these forms of security are software-based, the Durst reference discloses all
the features of a HPE under either definition of that term.



Claim 
Language 



a central processing unit 



A central processing unit is a standard computer component - in personal
computers, this is typically a microprocessor. The Durst Patent discloses a central processing
unit. Durst, Fig. 1; 7:26.



Claim 
Language 



main memory operatively connected to said central processing unit 



The Durst reference discloses a main memory (RAM) connected to the CPU.
Durst, Fig. 1; 7:18-20.



Claim 
Language 



mass storage operatively connected to said central processing unit and said
main memory



The Durst reference discloses mass storage (disk drive) connected to the CPU and
main memory. Durst, Fig. 1; 8:15-18 ("... for convenience, the following description is directed
to software embodied in the form of a floppy disk, although the specification should be
interpreted to include ... other mass storage devices"); 9:3-4 ("Disk drive 116 may take the form
of a floppy disk drive or a fixed disk drive, the latter also being referred to as a 'hard' or
'Winchester' disk drive").

Claim
Language 



said mass storage storing tamper resistant software designed to be loaded 
into said main memory and executed by said central processing unit, said 
tamper resistant software comprising 



The Durst software is tamper resistant (see discussion of HPE claim element, 
above). It is, in the standard fashion, loaded from mass storage (e.g., a hard or floppy disk drive) 
into main memory (e.g., RAM) and executed by the CPU. 

4. The Programming Is The Same
The "programming" in the claims at issue has three aspects: "machine check 
programming," which undertakes the generation and storage of the machine signature based on 
HPE information; "integrity programming," which activates the machine check programming to 
re-generate the machine signature and compares the result with the stored signature; and 
"programming which takes one or more actions" based on the result of the comparison. The 
Durst Patent discloses all of these. 

a. Machine Check Programming 



Claim 
Language 



machine check programming which derives information from one or more
aspects of said host processing environment, one or more storage locations
storing said information



(1) The Meaning of This Element 

"Machine check programming" is a module that derives information from one or 
more aspects of the HPE. The court has defined "derive" to mean "obtain, receive, or arrive at 
through a process of reasoning or deduction. In the context of computer operations, the 'process 
of reasoning or deduction' constitutes operations carried out by the computer." Markman Order, 
at 21. In other words, the computer programming carries out operations on aspects of the
computing environment to produce data in some form (the machine signature), which it then 
stores. 

The parties agree that this claim language applies to any derivation of information
that represents an attribute of the hardware on which the machine-check programming is running.
Throughout its infringement chart, for instance, InterTrust matches this language with the
following description of an infringing element: "derives from the client computer hardware ID
information." InterTrust's Amended Disclosures of Asserted Claims and Preliminary
Infringement Contentions ("IT's Amended Disclosures"), at 18, 20, 34, 36, 38, 40, 42, 44
(emphasis added). In short, the machine signature may be based on hardware information.

The parties also agree that hardware ID information can be based on any parameter
of the physical, material part of the computer, such as "one or more of the CDROM device, disk
adapter, disk device, display adapter, first drive serial number, MAC address, processor serial,
processor type, RAM size, SCSI adapter, PCMCIA controller, audio adapter, and whether the
computer is dockable." IT's Amended Disclosures, at 25. Elsewhere in its chart, InterTrust lists
an overlapping but somewhat different set of hardware attributes that could serve as the source of
the derived information. Microsoft agrees that any hardware parameters will do.

"Machine check programming" cannot, however, refer to the derivation of
attributes solely from software files stored on the system. InterTrust has taken inconsistent
positions on this point, arguing that even a software module that derives its checkable values
entirely from such files can constitute "machine check programming." See, e.g., IT's Amended
Disclosure, at 23 (accusing Windows File Protection). InterTrust's inconsistency is immaterial to
this motion as Durst clearly teaches deriving information from hardware, which satisfies the
requirements of § 102(b) anticipation.

(2) Machine Check Programming in the Durst Reference 

The Durst Patent discloses machine-check programming that generates a machine
signature from hardware parameters and stores it. The software contains a "measure signature"
step, Durst, Fig. 14 (and see generally 26:55-27:31), and "the 'signature' of a computer system is
intended to refer to the values of certain characteristics exhibited by that system." Durst, 3:45-47.
The characteristics can be of two types: "(a) parameters which are designed specifically into
individual computer systems (such as the type of processor, the version of operating software,
etc.), and (b) parameters which are defined by particular tolerances in the manufacture of the
computer system and its peripherals (e.g., the specific rotating speed of a disk drive, which may
vary within a range of design tolerances, etc.)." Id., 3:60-68. Much of Durst's written description
explains how to measure particular hardware characteristics in order to create a machine
signature, such as the

identification of the computer system processor, the clock speed of 
the computer system clock generator, an identification of the 
computer system ROM, the wait time, or wait cycles, assigned to 
the computer system processor for accessing a RAM, the rotary 
speed of a computer system disk drive, the access speed of that disk
drive and the sector interleave value of that disk drive. 

Id., 3:50-57; col. 11 - col. 25 (detailed description of measuring techniques). However, "[t]he
invention is not intended to be limited solely to these examples; and other characteristics which
can be used to distinguish one computer system from another are contemplated." Id., 3:57-60.
The signature is "determined in accordance with the subroutines" that extract these various
hardware measurements, as described in columns 11-25. Durst, 25:58-60.

The Durst reference also discloses "one or more storage locations storing said
information": "After the signature of the computer system has been measured, it is recorded, or
stored, in the software integrated with the applications program." Id., 26:14-16; also 27:11-13.
b. Integrity Programming 



Claim
Language

integrity programming which

causes said machine check programming to derive said information
compares said information to information previously stored in said
one or more storage locations, and

generates an indication based on the result of said comparison



(1) The Meaning of This Element 

The integrity programming activates the machine check programming, causing it 
to derive information based on HPE parameters in the same manner as discussed above, to 
compare the result to the previously stored result, and to generate an indication reflecting the 
outcome of that comparison. 

An aside is needed regarding the phrase "said information." This language is
slightly confusing in that it might be taken to mean that the results of the derivation of
information must be the same as the previously stored information. Yet the purported invention's
functionality depends on comparing the latter result with the machine signature previously stored
to determine if the two are different. Thus, "said information" must mean information derived in
the same manner by the same programming, but which may lead to a different value each time it
is run. This construction of the term is supported by the specification, '900 Patent, 239:4-25, and
by InterTrust's own infringement chart. 3 IT's Amended Disclosures, at 28.

(2) Integrity Programming in the Durst Reference 

Just as in the '900 Patent claims, the Durst reference discloses programming which 
causes the machine signature to be derived, compares it with the stored signature, and produces 
an indication based on the result. On this point, the language of the Durst Patent is such that a 
comparison chart is the most efficient way to demonstrate the correspondence between the claim 
language and the Durst reference: 



integrity programming which

"The copy protection procedure inquires initially at 1402 if a
signature has been stored previously on the floppy disk. If
this inquiry is answered in the affirmative," (26:59-62; Fig. 14)

causes said machine check programming to derive said information,

"then the signature of the computer system with which the
applications program is intended to be run is measured."
(26:62-64)

compares said information to information previously stored in said one or
more storage locations, and

"If the measured signature is the same as the previously
determined and stored signature, inquiry 1412 is answered in
the affirmative and the applications program is executed, as
represented by instruction 1408. However, if inquiry 1412 is
answered in the negative, an error message is displayed,
thereby indicating that an attempt has been made to run the
applications program on an unauthorized computer system."
(26:64-27:3)

generates an indication based on the result of said comparison; and






3 Microsoft rejects InterTrust's infringement assertions as to its products and cites InterTrust's 
infringement position only to show that the parties are in agreement on the relationship between 
the two different hardware checks that the software performs. 
c. Programming That Undertakes an Action Based on the
Comparison Result



Claim
Language

programming which takes one or more actions based on the state of said
indication

Claim
155 only

said one or more actions including at least temporarily halting further
processing.

Claim
156 only

said one or more actions including at least temporarily disabling
certain functions.

Claim
157 only

said one or more actions including displaying a message to the user.



The action the software takes upon discovering a discrepancy between the
previous and the current machine signature is the only respect in which claims 155, 156 and 157
differ from one another. The Durst reference discloses a response to an attempt at unauthorized
use of the software that satisfies each of these three different claim elements: 4 "[I]f inquiry 1412
[the check of whether the present and stored signatures match] is answered in the negative, an
error message is displayed, thereby indicating that an attempt has been made to run the
applications program on an unauthorized computer system. It is appreciated that, under this
condition, the applications program cannot be executed." Durst, 26:68-27:5. This clearly meets
the limitations of displaying a message to the user and disabling certain functions, respectively.

Regarding "at least temporarily halting processing," the Durst Patent discloses that 
the consequence of a negative comparison of machine signatures is to halt processing of the 
protected software. Durst, Figs. 13B, 14, 15; col. 26:68-27:5. 
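
The derive, store, re-derive, compare and act structure walked through above, as an added Python example (not code from the '900 Patent, the Durst Patent or either party). The field names, tolerance values and sample hosts are constructed assumptions; designed-in parameters are matched exactly and measured parameters within a tolerance, one reading of the Durst abstract's "substantially the same".

```python
import json

# Durst's two parameter classes. Field names and tolerances are assumptions.
EXACT_FIELDS = ("cpu_type", "rom_id")                     # (a) designed into the system
TOLERANT_FIELDS = {"disk_rpm": 0.01, "clock_mhz": 0.005}  # (b) manufacturing tolerance: allowed relative drift

# Constructed sample hosts (not measurements from any real machine).
AUTHORIZED_HOST = {"cpu_type": "80386", "rom_id": "ROM-A1", "disk_rpm": 300.4, "clock_mhz": 16.02}
SAME_HOST_DRIFTED = {"cpu_type": "80386", "rom_id": "ROM-A1", "disk_rpm": 300.9, "clock_mhz": 16.03}
SAME_MODEL_OTHER_UNIT = {"cpu_type": "80386", "rom_id": "ROM-A1", "disk_rpm": 297.1, "clock_mhz": 16.02}
DIFFERENT_MODEL = {"cpu_type": "80286", "rom_id": "ROM-B7", "disk_rpm": 300.4, "clock_mhz": 12.0}
HOST_MISSING_ROM = {"cpu_type": "80386", "disk_rpm": 300.4, "clock_mhz": 16.02}


def machine_check(host):
    """Machine check programming: derive the signature from host attributes.

    An attribute the host cannot report is recorded as None, not guessed.
    """
    fields = list(EXACT_FIELDS) + list(TOLERANT_FIELDS)
    return {name: host.get(name) for name in fields}


def install(host):
    """Installation step: embed the derived signature in the operational materials."""
    signature = machine_check(host)
    missing = [name for name, value in signature.items() if value is None]
    if missing:
        raise ValueError("cannot derive a complete signature, missing: " + ", ".join(missing))
    return {"program": "protected-app",
            "embedded_signature": json.dumps(signature, sort_keys=True)}


def integrity_check(materials, host):
    """Integrity programming: re-derive, compare with the stored value, return an indication."""
    stored = json.loads(materials["embedded_signature"])
    current = machine_check(host)
    mismatches = [name for name in EXACT_FIELDS if current[name] != stored[name]]
    for name, tolerance in TOLERANT_FIELDS.items():
        value = current[name]
        if value is None or abs(value - stored[name]) > tolerance * abs(stored[name]):
            mismatches.append(name)
    return {"match": not mismatches, "mismatches": mismatches}


def start(materials, host):
    """Action programming: halt, disable a function and produce a message on mismatch."""
    indication = integrity_check(materials, host)
    if indication["match"]:
        return {"running": True, "disabled": [], "message": None}
    return {
        "running": False,                 # processing halted
        "disabled": ["run_application"],  # function disabled
        "message": "Unauthorized computer system: "
                   + ", ".join(indication["mismatches"])
                   + " differ from the installed signature",
    }


if __name__ == "__main__":
    materials = install(AUTHORIZED_HOST)
    for label, host in [("authorized", AUTHORIZED_HOST),
                        ("same host, drifted", SAME_HOST_DRIFTED),
                        ("same model, other unit", SAME_MODEL_OTHER_UNIT),
                        ("different model", DIFFERENT_MODEL)]:
        print(label, "->", start(materials, host))
```

The `SAME_MODEL_OTHER_UNIT` case shows why tolerance-class parameters matter: two machines with identical designed-in parameters are still told apart by a measured one, while normal drift on the authorized machine stays inside the tolerance.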

4 Microsoft notes that the claim language, read plainly, actually requires that the programming
take one or more actions regardless of the outcome of the comparison: "programming which takes
one or more actions based on the state of said comparison."

IV. CONCLUSION

Because the Durst Patent disclosure has each and every element of the challenged
claims, Microsoft respectfully requests that the Court declare claims 155, 156 and 157 of U.S.
Patent No. 5,892,900 to be invalid as anticipated by a prior patent, pursuant to 35 U.S.C.
§ 102(b).



Dated: February 23, 2004 
NOTICE OF MOTION

Pursuant to Fed. R. Civ. P. 56(b) and 35 U.S.C. § 102(b), Defendant Microsoft
Corporation ("Microsoft") respectfully moves for Partial Summary Judgment of Invalidity of the
Asserted Claims of the '181 Patent. This motion is noticed for March 30, 2004 at 1:00 p.m. and is
based upon this Notice and Memorandum of Points and Authorities, the Declaration of Sam
O'Rourke and exhibits thereto. Pursuant to the Court's Standing Order, Microsoft met and
conferred with counsel for InterTrust prior to filing this motion. Declaration of Eric L. Wesenberg
In Support of Microsoft's Motion For Partial Summary Judgment of Invalidity of the Asserted
Claims of the '900 Patent at ¶ 6.

MEMORANDUM OF POINTS AND AUTHORITIES 
I. INTRODUCTION 

Microsoft moves for summary judgment of invalidity of all asserted claims of U.S.
Patent No. 6,112,181 (the "'181 patent"), 1 pursuant to 35 U.S.C. § 102(b), based on the
anticipatory disclosure of the prior art International Publication Number WO96/27155, published
under the Patent Cooperation Treaty on September 6, 1996 (the "PCT" publication). 2 The PCT
publication was published more than one year prior to the application for the '181 patent and
discloses every limitation of each asserted claim of the '181 patent. InterTrust did not cite the
PCT publication during the prosecution of the '181 patent and, therefore, the examiner did not
take it into consideration as prior art in issuing the claims that are asserted against Microsoft.

Granting Microsoft's summary judgment motion will render the asserted claims of
the '181 patent invalid, simplifying this case by eliminating fourteen claims and the need for a
jury to learn and understand the '181 patent technology. It would also eliminate the need to
consider Microsoft's "System Management Server (SMS)" product, versions 2.0 and later, as the
only claims asserted against this product are from the '181 patent.

1 The '181 patent is attached as Exhibit A to the Declaration of Sam O'Rourke.

2 The "PCT" publication is an application filed by InterTrust and is almost identical to InterTrust's
U.S. Patent Application No. 08/388,107 (the "'107 application") filed on February 13, 1995, and later
abandoned. The '107 application, often referred to as the "Big Book," spawned the majority of the
InterTrust patents asserted against Microsoft in the present litigation. Many of the asserted patents are
either continuations of the '107 application, or incorporate its specification by reference. The PCT
publication (WO96/27155) is attached as Exhibit B to the Declaration of Sam O'Rourke.

II. LEGAL STANDARD 

A. Legal Standard For Summary Judgment

The Federal Circuit has repeatedly emphasized that "[s]ummary judgment is as
appropriate in a patent case as it is in any other case." Desper Prods. v. QSound Lab., 157 F.3d
1325, 1332 (Fed. Cir. 1998) (citing C.R. Bard, Inc. v. Advanced Cardiovascular Systems, Inc.,
911 F.2d 670, 672 (Fed. Cir. 1990); See Avia Group International Inc. v. L.A. Gear California,
Inc., 853 F.2d 1557, 1561 (Fed. Cir. 1988); Spectra Corp. v. Lutz, 839 F.2d 1579, 1581 n. 6 (Fed.
Cir. 1988); Brenner v. United States, 773 F.2d 306, 307 (Fed. Cir. 1985). "Summary judgment is
appropriate when there are no issues of material fact and the moving party is entitled to judgment
as a matter of law," Liquid Dynamics Corp. v. Vaughan Co., Inc., 2004 U.S. App. LEXIS 1065,
*13 (Fed. Cir. Jan. 23, 2004); See Fed. R. Civ. P. 56(c). A fact is material if it "might affect the
outcome of the suit under the governing law." Anderson v. Liberty Lobby, Inc. 477 U.S. 242, 248
(1986).

"With respect to whether there is a genuine issue, the court may not simply accept
a party's statement that a fact is challenged. (citations omitted) The party opposing the motion
must point to an evidentiary conflict created on the record at least by a counter statement of a fact
or facts set forth in detail in an affidavit by a knowledgeable affiant. Mere denials or conclusory
statements are insufficient." Barmag Barmer Maschinenfabrik AG v. Murata Machinery, Ltd.,
731 F.2d at 835-36 (Fed. Cir. 1984).

B. Legal Standard For Patent Invalidity 

An individual is only entitled to a patent for an invention that is novel at the time
the invention was made. Thus, a defendant in a patent infringement action is entitled to summary
judgment of invalidity if it establishes by clear and convincing evidence that the applicant failed
to meet the requirements of patentability. WMS Gaming Inc. v. International Game Tech., 184
F.3d 1339, 1355 (Fed. Cir. 1999). Microsoft moves for summary judgment of invalidity based on
35 U.S.C. § 102(b), which states that an individual is not entitled to a patent if their claimed
invention "was patented or described in a printed publication in this or a foreign country . . . more
than one year prior to the date of the application for patent in the United States." Summary
judgment should be granted where the defendant demonstrates that each element of each
challenged claim is disclosed in a single prior art reference. See Brown v. 3M, 265 F.3d 1349,
1351 (Fed. Cir. 2001).

As stated above, Microsoft's motion is based upon the September 6, 1996
publication of PCT publication WO96/27155. InterTrust's '181 patent was filed on November 6,
1997. The PCT publication, therefore, was published a year and two months prior to the filing
date of the '181 patent and, as will be shown below, discloses all elements of the asserted claims
of the '181 patent. Thus, the PCT publication is invalidating prior art under 35 U.S.C. § 102(b),
as the purported invention of the asserted claims of the '181 patent was "described in a printed
publication in . . . a foreign country . . . more than one year prior to the date of the application
for" the '181 patent in the United States.
III. ARGUMENT 

The asserted claims of InterTrust's '181 patent recite a method for sending
selected digital information to selected recipients, using "rules and controls" to govern the use of 
that information. The recipients are permitted to use the digital information in a controlled 
environment that enforces the associated "rules and controls." 

As shown below, the PCT publication discloses all of the elements with parallel
functionality as those recited in the asserted claims of the '181 patent. 3

3 The asserted claims of the '181 patent are claims 48, 59, 61, 62, 63, 70, 72, 75, 89, 91, 104, 114,
117, and 131.

A. The PCT Publication Anticipates Claim 91 Of The '181 Patent

Claim 91 of the '181 patent is the narrowest asserted independent claim.
Demonstration of how the PCT publication anticipates claim 91 will, therefore, simplify the
analysis of how the PCT publication anticipates the broader asserted independent claim 48. 4
Claim 91 states as follows:

91. A method for securely narrowcasting selected digital information to specified 
recipients including: 

(a) receiving selected digital information in a secure container at a
receiving appliance remote from a sending appliance, the receiving
appliance having a secure node, the receiving appliance being associated
with a receiving entity;

(i) the digital information having been selected at least in part based 
on the digital information's membership in a first class, 

(ii) the first class membership having been determined at least in
part using rights management information;

(b) the receiving entity having been selected at least in part based on said 
receiving entity's membership in a second class, 

(i) the second class membership having been determined at least in
part on the basis of information derived from the recipient entity's
creation, use of, or interaction with rights management information;

(c) receiving at the receiving appliance rules and controls in a secure 
container, 

(i) the rules and controls having been associated with the selected 
digital information; and 

(d) using at the receiving appliance the selected digital information in 
accordance with the rules and controls, 

(i) the rules and controls being enforced by the receiving appliance 
secure node. 

The sections that follow demonstrate, on an element-by-element basis, that
the PCT publication anticipates claim 91.

1. Claim 91 - Preamble

Claim Language:

A method for securely narrowcasting selected digital information to
specified recipients including:

4 Dependent claims that reference claim 91 are addressed individually in the sections following the
claim 91 analysis. Dependent claims that reference claim 48 follow the analysis of that claim.

A preamble limits the claimed invention if it "recites essential structure or steps, or
if it is 'necessary to give life, meaning, and vitality' to the claim." Smithkline Beecham Corp. v.
Excel Pharms., Inc., 2004 U.S. App. LEXIS 1323, *13 (Fed. Cir. Jan. 29, 2004) (citing Catalina
Mktg. Int'l v. Coolsavings, 289 F.3d 801, 808 (Fed. Cir. 2002)). In this case, the preamble of
claim 91 recites the step of "narrowcasting" which is necessary to give life, meaning, and vitality
to claim 91. This functionality is not otherwise recited in the body of claim 91, yet it is the
subject of the alleged invention of the '181 patent. InterTrust chose to use both the preamble and
the body of claim 91 to define the subject matter of the claimed invention. When limitations in
the body of the claim rely upon and derive antecedent basis from the preamble, then the preamble
may act as a necessary component of the claimed invention. See, e.g., Electro Sci. Indus. v.
Dynamic Details, Inc., 307 F.3d 1343, 1348 (Fed. Cir. 2002); Rapoport v. Dement, 254 F.3d
1053, 1059 (Fed. Cir. 2001). Here, the preamble of claim 91 is limiting.

The preamble recites a method for narrowcasting selected digital information to
specified recipients. The term "narrowcast" has an ordinary and customary meaning, which is
"[t]o transmit data to selected individuals. Contrast with broadcast." Alan Freedman, Computer
Desktop Encyclopedia, 9th Edition, McGraw Hill (2001) (hereafter "Computer Desktop
Encyclopedia") at 651. 5 Although the '181 specification fails to define "narrowcast," it uses the
term consistent with its ordinary meaning:



This display may be a "narrowcasting" to a customer based upon his matching
priorities, available digital information resources (e.g., repository, property, etc.)
and associated, available classification information.

'181 Patent 8:15-19.

The PCT publication discloses the narrowcasting of digital information. For
example, it provides for the administering of an SAT examination to students at various schools
or testing sites. PCT at 913. The example discloses narrowcasting functionality, in that the SAT
test to be administered (data) is transmitted to the particular schools or "test sites" (selected
individuals) administering the exam. Id. Specifically, the PCT publication states:

5 The referenced pages of the Computer Desktop Encyclopedia are attached as Exhibit C to the
Declaration of Sam O'Rourke.

A scheduled SAT examination for high school seniors is prepared by the
Educational Testing Service. The examination is placed in a VDE container for
scheduled release on November 15, 1994 at 1:00 PM Eastern Standard time.
The SAT prepares one copy of the container for each school or other location
which will conduct the examination. The school or other location ("test site")
will be provided with a distributed examination container securely containing
the VDE identification for the "administration" electronic appliance and/or test
administrator at the test site (such as a testing organization) and a budget
enabling, for example, the creation of 200 test VDE content containers.



Id. 6 



Thus, the PCT publication discloses the narrowcasting aspect of the preamble of
claim 91 of the '181 patent.

2. Claim 91 - Element (a)

Claim Language:

(a) receiving selected digital information in a secure container at a receiving
appliance remote from a sending appliance, the receiving appliance having
a secure node, the receiving appliance being associated with a receiving
entity;



This element can be separated into six unique requirements, each of which is 
disclosed by the PCT publication. 

a. The PCT publication discloses a receiving appliance that 
receives information from a remote sending appliance 

Claim 91, element (a) requires a receiving appliance to receive information from a
remote sending appliance. The term "appliance" is referenced in the specification of the '181
patent as follows:

Such electronic interactions supported by the Distributed Commerce Utility 
may, for example, entail the broadest range of appliances and distribution 
media, non-limiting examples of which include networks and other 
communications channels, consumer appliances, computers, convergent 
devices such as WebTV, and optical media such as CD-ROM and DVD in 
all their current and future forms. 



6 Additional examples from the PCT publication include law firms using "VDE" to selectively
distribute documents, including filing briefs electronically with the courts; VDE trial subscriptions for a
newspaper; and automated tax collection, such as sales tax, using VDE. PCT at pp. 792-800, 610, and
690-91. The SAT example is simply illustrative.

'181 Patent 35:25-31 (emphasis in quoted text has been added unless otherwise noted). Although
the scope of the term "appliance" has not been determined by the Court, any construction would
certainly encompass the disclosure of the PCT publication, which states:

Electronic appliance 600 may be practically any kind of electrical or electronic
device, such as:

a computer
a T.V. "set top" control box
a pager
a telephone
a sound system
a video reproduction system
a video game player
a "smart" credit card



PCT at 180. The PCT publication discloses a system whereby the appliance at each school or 
testing site designated to administer the SAT test (receiving appliances) electronically receives an 
SAT test from an Educational Testing Service appliance (sending appliance). PCT at 913. The 
PCT publication specifically discloses a receiving appliance as follows: 

The examination is placed in a VDE container for scheduled release . . . The 
SAT prepares one copy of the container for each school or other location which 
will conduct the examination. The school or other location ("test site") will be
provided with a distributed examination container securely containing the VDE 
identification for the 'administration' electronic appliance ... 

Id. A sending appliance is also disclosed. The above-quoted passage states that a "VDE 
container" is used for distribution. Creation of VDE protected objects (i.e. the "VDE container" 
containing the SAT test) requires the use of a VDE appliance. PCT at 180, 189. 

b. The PCT publication discloses a sending appliance located 
"remotely" from the receiving appliance 

Element (a) requires the sending appliance to be located "remotely" from the
receiving appliance. One ordinary and customary meaning of the term "remote" in computer
science is:

Located at a distance from another computer that is accessible by cables or other
communications links: a remote terminal.

Dictionary.com Computer Science Dictionary (2004). 8 Use of the term "remote" in the '181
specification is consistent with this ordinary meaning:

distribution using VDE that may package both the electronic content and control 
information into the same VDE container, and/or may involve the delivery to 
an end-user site of different pieces of the same VDE managed property 
from plural separate remote locations and/or in plural separate VDE content 
containers and/or employing plural different delivery means; 

'181 Patent 26:64-27:3. 

The PCT publication discloses a system where an: 

Appliance 600 may communicate with the outside world through any of the 
connections/devices normally used within an electronic appliance. The
connections/devices shown along the bottom of the drawing are examples: a 
"modem" 618 or other telecommunications link; ... a "cable" 628 
connecting the appliance with a "network" 

PCT at 180-81. The fact that the Educational Testing Service is at a different location than the
multiple testing sites, coupled with the statement that appliances may be connected by modem,
cable or other telecommunications link, is a disclosure that the Educational Testing Service
(sending appliance) is located remotely from the testing sites (receiving appliances).

c. The PCT publication discloses the transmission of "digital
information"

Claim element (a) requires the information sent and received to be "digital 
information." The PCT publication discloses an example of a system for the electronic 
distribution and administration of an SAT exam where data is transferred in digital form, as the 
test is placed in a VDE container. PCT at 913. All data in a computer is by necessity in digital 
form. 



7 See also "remote node" - "A remote user or workstation. Access to the company LAN is made
via POTS or ISDN modem to a connection at the remote access server". Computer Desktop Encyclopedia

8 The referenced pages of the Dictionary.com Computer Science Dictionary (2004) are attached as
Exhibit D to the Declaration of Sam O'Rourke.

d. The PCT publication discloses the transmission of digital
information in a "secure container"



Element (a) requires digital information to be transferred in a "secure container."
"Secure container" has been construed by the Court to mean, "A container (defined supra) that
is secure (defined supra)." The Court construed "contain" to mean:

To have within or hold. In the context of an element contained within a data
structure (e.g. a secure container), the contained element may be either directly
within the container or the container may hold a reference indicating where the
element may be found.



Order Denying Motion for Partial Summary Judgment and Construing "Mini-Markman Claims"
("Markman Order"), July 3, 2003 (Docket #338), p. 33.
The Court has construed "secure" to mean:

One or more mechanisms are employed that (whether alone or in conjunction
with one or more other mechanisms) prevent or discourage misuse of or
interference with information or processes, or that detect misuse of or
interference with information or processes for the purpose of discouraging
and/or avoiding harm. Such mechanisms may include concealment, tamper
resistance (defined infra), authentication (i.e. identifying (e.g., a person, device,
organization, document, file, etc.)), and access control. Concealment means
that it is difficult to read information (e.g., programs may be encrypted).
Tamper resistance and authentication are defined separately. Access control
means that access to information or processes is limited on the basis of
authorization. Security is not absolute.

"Securely" means: "In a secure (defined supra) manner."
Markman Order at p. 48.

The PCT publication states that: 

The school or other location ("test site") will be provided with a distributed 
examination container securely containing the VDE identification for the 
"administration" electronic appliance and/or test administrator at the test 
site . . . and a budget enabling, for example, the creation of 200 VDE 
content containers. 

PCT at 913. It further states that:

. . . proper use of VDE 100 for the testing process can prevent improper 
access to test contents prior to testing 



PCT at 916. Thus, the VDE container is an example of a "secure" "container" as those terms
have been construed by the Court.

e. The PCT publication discloses a "secure node" at the receiving
appliance

Element (a) recites a "secure node" at the receiving appliance. The Court's
construction of "secure" is recited above. A node has the following ordinary meaning in
computer science:

In communications, a node is a network junction or connection point. For 
example, a personal computer in a LAN is a node. A terminal connected to a 
minicomputer or mainframe is a node. 

Computer Desktop Encyclopedia at 674. Thus, a "secure node" includes a computer or terminal
that prevents, discourages or detects misuse or interference with processes or information for the
purpose of avoiding harm. Although the '181 specification does not define the term "secure
node," it uses the term consistently with the ordinary meaning of the term:

Referring again to FIG. 47A, each customer appliance 2052 may have a VDE
secure node installation 2054 incorporating a protected processing
environment 154, as described in 'Ginter et al', and messaging services
software 2058 that manages communications with other appliances.

'181 Patent 56:18-22. 9

The PCT publication discloses the user appliance as a "secure" node. In the case 
of the SAT testing example, the user appliance is the "'administration' electronic appliance" used 
for receiving the "VDE container" containing the examination and rules and controls governing 
its use. PCT at 913. As stated in the PCT publication, each such electronic appliance (node) may 
include a "Secure Processing Unit" or "SPU" (hence, "secure" node): 

Each VDE node or other electronic appliance 600 in the preferred
embodiment may include one or more SPUs 500 [Secure Processing Units].
SPUs 500 may be used to perform all secure processing for VDE 100. For
example, SPU 500 is used for decrypting (or otherwise unsecuring) VDE
protected objects 300 . . . SPU 500 may also perform secure data
management processes including governing usage of, auditing of, and where
appropriate, payment for VDE objects 300.

PCT at 189-190. It also states:

... an SPU 500 may be implemented as a single integrated circuit "chip" 505 to
provide a secure processing environment in which confidential and/or
commercially valuable information can be safely processed, encrypted
and/or decrypted.

PCT at 190. Thus, the PCT publication discloses a "secure node" - the "'administration'
electronic appliance" containing an SPU.

9 "Ginter et al." refers to U.S. Pat. No. 5,892,900, issued Apr. 6, 1999, for "Systems And Methods For
Secure Transaction Management And Electronic Rights Protection," which is also asserted in the present
action.

f. The PCT publication discloses a system where the receiving
appliance is associated with a receiving entity

The final requirement of element (a) is the "receiving appliance being associated
with a receiving entity." The PCT publication discloses a system where each test site is
associated with an "administration" electronic appliance:

The SAT prepares one copy of the container for each school or other location 
which will conduct the examination. The school or other location ("test 
site") will be provided with a distributed examination container securely 
containing the VDE identification for the "administration" electronic 
appliance and/or test administrator at the test site (such as a testing 
organization) and a budget enabling, for example, the creation of 200 test VDE 
content containers. 

PCT at 913. For a number of reasons, including the need to delineate the number of tests to be
distributed to test takers at each particular site, each test site is associated with an
"'administration' electronic appliance."

For the foregoing reasons, the PCT publication discloses all requirements of 
element (a) of claim 91. 

3. Claim 91 - Element (a)(i)

Claim Language:

(i) the digital information having been selected at least in part based on the
digital information's membership in a first class.



This limitation requires the digital information referred to in element (a) to be
selected at least in part based upon its membership in a first class. For example, the '181
specification provides:

Of particular importance is the notion of classes of content . . . For example, the
present inventions can make use of . . . topical identification, for example, such
as information represented in typical library subject and/or author and/or catalog
and/or keyword search and retrieval information systems ... any information
descriptive of an available resource (which may include any information,
product, and/or service, whether available in electronic and/or physical forms)
such as: the quality of a digital product as evaluated and ranked and/or
otherwise specified by one or more third parties and/or independent third
parties ....

'181 Patent 14:35-55.

As discussed above, the PCT publication discloses a system, which by way of
example, can be used to electronically distribute an SAT test to selected testing sites. In the
testing example, the distributed information is a particular examination to be given on a specific
date at a specific time - "November 15, 1994 at 1:00 PM Eastern Standard time." PCT at 913.
Thus, the specific electronic SAT test (digital information) sent to the designated testing sites has
been selected at least in part based on the test's membership in a first class (the particular SAT
test to be released to testing sites on November 15, 1994 at 1:00 PM Eastern Standard time). The
PCT publication provides several other examples of testing scenarios where the tests (digital
information) are selected based upon their membership in a particular class:

VDE assisted testing may, of course, be employed for many different 
applications including secure identification of individuals for 
security/authentication purposes, for employment (e.g. applying for jobs) 
applications, and for a full range of evaluation testing. For example, an airline
pilot, or a truck, train, or bus driver might take a test immediately prior to 
departure or during travel, with the test evaluating alertness to test for fatigue, 
drug use, etc. A certain test may have a different order and/or combination of 
test activities each time, or each group of times, the test is taken. 

PCT at 916. In each of these circumstances, the digital information or content of the particular 
test will be classified based upon its appropriateness to the test takers, the particular venue, date 
and time of examination, and potentially a host of other factors. 

Accordingly, the PCT publication discloses a system where the digital information 
is selected at least in part based on the digital information's membership in a first class. 

4. Claim 91 - Element (a)(ii)

Claim Language:

(ii) the first class membership having been determined at least in part using
rights management information;



As recited in element (a)(ii), membership in the "first class" is determined at least
in part based upon rights management information. According to the specification of the '181
patent, "[r]ights management information may include electronic rules and/or their
consequences." '181 Patent 11:23-25. Referring again to the testing scenario disclosed in the
PCT publication, the particular test to be distributed (first class membership) is determined at
least in part using rights management information, including any one or more of the following
electronic rules and/or consequences: 1) the subject matter of the test, 2) the order of the test
questions, 3) which test questions are presented, and/or 4) timing-related variables such as the
precise starting, duration and stopping times of the examination. PCT at 916-17.

These examples disclose the use of "rights management information" to determine
the digital information's membership in a first class.

5. Claim 91 - Element (b)

Claim Language:

(b) the receiving entity having been selected at least in part based on said
receiving entity's membership in a second class,



Element (b) requires the receiving entity to be selected at least in part based on its 
membership in a second class. The PCT publication's testing example discloses the distribution 
of a particular SAT examination to a selected class of test sites:

A scheduled SAT examination for high school seniors is prepared by the 
Educational Testing Service. The examination is placed in a VDE container for 
scheduled release on November 15, 1994 at 1:00 PM Eastern Standard 
time. The SAT prepares one copy of the container for each school or other
location which will conduct the examination. The school or other location 
("test site") will be provided with a distributed examination container 
securely containing the VDE identification for the "administration" 
electronic appliance and/or test administrator at the test site ... 

PCT at 913. Thus, this passage discloses the requirements of claim 91, element (b) - a particular 
SAT test is distributed to each test site (receiving entity) that will be administering the SAT on 
November 15, 1994 at 1:00 PM Eastern Standard time (receiving entity's membership in a second 
class). 

6. Claim 91 - Element (b)(i)

Claim Language:

(i) the second class membership having been determined at least in part on
the basis of information derived from the recipient entity's creation, use of,
or interaction with rights management information;

As explained above in the analysis of element (b), selected test sites are members
of a second class - the class of test sites administering the SAT examination at a particular time
and date. Element (b)(i) requires the second class membership to be determined at least in part on
the basis of information derived from the recipient entity's creation, use of, or interaction with
rights management information. The specification of the '181 patent provides numerous
examples of types of "rights management information" that may be used for classification
purposes:

Rights management information may be directly or indirectly inputted to the
matching, classification and/or selection process. . . The following are
examples of such information that may be provided based, for example, on rules
and consequences . . . user questionnaires . . . audit trail related information ...
aggregated usage data . . . information measuring or otherwise related to
institutional behavior; information measuring or otherwise related to
institutional preferences; information measuring or otherwise related to
institutional culture ...



'181 Patent 18:65-19:39. 

As required by this claim element, the membership in the class of test sites is 
determined on the basis of information derived from the. test site's interaction with rights 
management information. For example, sites are determined to be members of a class receiving a 
particular SAT test based upon whether or not that site is scheduled or permitted to administer the 
exam at a designated date and time. PCT at 9 13. Sites may also be selected based on content of 
an examination, i.e. whether it is an SAT test (where the site might be a high school) or a test 
designed for "an airline pilot, or a truck, train, or bus driver " where the test site might be the 
appropriate workplace. PCT at 9 1 6. In addition, membership in the second class is determined 
from the use of VDE identifications, which also is rights management information. The PCT 
publication states: 

The school or other location ("test site") will be provided with a distributed 
examination container securely containing the VDE identification for the 
"administration" electronic appliance and/or test administrator at the test 
site (such as a testing organization) ... 

PCT at 913. 

Thus, the PCT publication discloses a process whereby the second class 
membership (administering test sites) is determined at least in part on the basis of information 
derived from the recipient entity's creation, use of, or interaction with rights management 
information (test type, date, time, etc.). 

7. Claim 91 - Element (c) 



Claim 
Language 



(c) receiving at the receiving appliance rules and controls in a secure 
container, 



Element (c) requires rules and controls to be received in a secure container at the 
receiving appliance. The term "controls" has been construed by the Court to mean: 

"Information and/or programming, controlling operations on or use of resources 
(e.g., content) including (a) permitted, required, or prevented operations, (b) the 
nature or extent of such operations, or (c) the consequences of such operations." 

Markman Order at p. 36. The term "rules" has not been construed, but in the "mini" Markman 
proceedings, InterTrust argued that "rules and controls" are equated with "control information" in 
the Big Book ('107) application, and that the terms "rule" and "control" are "synonymous." 
InterTrust's Opening Claim Construction Brief at 17-19 (Docket #225). 

The PCT publication discloses a process in which rules and controls are packaged in 
a secure VDE container. For example: 

The examination is placed in a VDE container for scheduled release on 
November 15, 1994 at 1:00 PM Eastern Standard time. The SAT prepares 
one copy of the container for each school or other location which will conduct 
the examination. The school or other location ("test site") will be provided with 
a distributed examination container securely containing the VDE 
identification for the "administration" electronic appliance and/or test 
administrator at the test site (such as, a testing organization) and a budget 
enabling, for example, the creation of 200 test VDE content containers. Each 
container created at the test site may have a permissions record containing 
secure identification information for each electronic appliance 600, on the test 
site's network, that will be used by a test taker, as well as, for example, an 
identification for the student who will take the test. 

PCT at 913. These passages disclose receiving at the receiving appliance (receipt by test sites) 
rules and controls (release time, identification requirements, budget) in a secure container 
("VDE" or "examination" container), as recited in element (c) of claim 91. 

8. Claim 91 - Element (c)(i) 



Claim 
Language 



(i) the rules and controls having been associated with the selected digital 
information; and 



Element (c)(i) calls for rules and controls received by the receiving entity to be 
associated with selected digital information. As explained in the previous section, the PCT 
publication discloses a process, in which an SAT test is packaged into a "secure container," also 
containing rules and controls (release time, identification requirements, budget) governing access 
and distribution of the examination. PCT at 913. The fact that these rules and controls are 
packaged with, and govern the use of, the test contained in the same secure VDE container, 
demonstrates that the rules and controls contemplated in the PCT publication are "associated with 
the selected digital information." Accordingly, the PCT publication discloses claim 91 element 
(c)(i). 

9. Claim 91 - Element (d) 



Claim 
Language 



(d) using at the receiving appliance the selected digital information in 
accordance with the rules and controls, 



Element (d) of Claim 91 requires the receiving appliance to use selected digital 
information in accordance with "rules and controls." As stated above in section III(A)(8), test 
sites receive a VDE container encapsulating rules and controls including, for example, a budget. 
This budget sets forth the number of "VDE content containers" that may be produced and 
distributed to the test-taking students: 

The school or other location ("test site") will be provided with a distributed 
examination container securely containing the VDE identification for the 
"administration" electronic appliance and/or test administrator at the test site 
(such as, a testing organization) and a budget enabling, for example, the 
creation of 200 test VDE content containers. 

PCT at 913. The "'administration' electronic appliance and/or test administrator at the test site" 
then creates the number of "test VDE content containers" permitted by the "budget." Id. 

Thus, the PCT publication discloses a receiving appliance (test site) that uses 
(creates VDE content containers) the selected digital information (particular test distributed by 
the Educational Testing Service) in accordance with the rules and controls (e.g. a budget), as 
recited in element (d) of claim 91. 

10. Claim 91 - Element (d)(i) 



Claim 
Language 



(i) the rules and controls being enforced by the receiving appliance secure 
node. 



The final element of claim 91 requires the secure node of the receiving appliance 
to enforce the rules and controls associated with the digital information. As explained in 
Section III(A)(2), the PCT publication discloses an "'administration' electronic appliance" used 
for receiving the "VDE container" containing the examination and rules governing its use. PCT 
at 913. This electronic appliance enforces the rules and controls associated with the SAT test, as 
detailed in the PCT publication's lengthy discussion elaborating on the attributes of such "VDE 
Electronic Appliance[s]," which contain Secure Processing Units. PCT at 180-194. The PCT 
publication states: 

Each VDE node or other electronic appliance 600 in the preferred 
embodiment may include one or more SPUs 500. SPUs 500 may be used to 
perform all secure processing for VDE 100. . . . It is also used for managing 
encrypted and/or otherwise secured communication . . . SPU 500 may also 
perform secure data management including governing usage of . . . VDE 
objects . . . 

PCT at 189-190. 

Thus, the PCT publication discloses a method where rules and controls (i.e. release 
time, identification requirements, budget, etc.) are enforced by the receiving appliance 
(administration electronic appliance) secure node (having a SPU). 

B. The PCT Publication Anticipates All Asserted Claims Dependent Upon Claim 91 of the '181 Patent 

Claims 104, 114 and 131 are dependent upon claim 91. Claim 117 is dependent 
upon claim 114, which in turn, is dependent upon claim 91. As detailed supra Sections III(A)(1)-
(10), all the elements of claim 91 are present and disclosed in the PCT publication. The PCT 
publication, as demonstrated in the following sections, also anticipates all claims that depend 
upon claim 91. 

1. Dependent Claim 104 



Claim 
Language 



104. The method of claim 91 wherein said received selected digital 
information includes entertainment information. 



As explained in Section III(A)(2) with regard to element (a) of claim 91, the PCT 
publication discloses a process in which a server transfers "selected digital information" to a 
receiving appliance. Dependent claim 104 calls for this "selected digital information" to include 
"entertainment information." The ordinary meaning of "entertainment" is "something diverting 
or engaging." Merriam-Webster's Collegiate Dictionary, Tenth Edition (1999). 10 The '181 
specification fails to define or indicate what the term "entertainment information" refers to and, 
therefore, does not contradict the ordinary meaning of the term. 

The PCT publication contemplates the delivery of digital entertainment 
information to end users. It discloses that a sending appliance may distribute all varieties of 
digital information, which are listed in a "repository content catalog." PCT at 839. Such digital 
information may include "lists of publications, software, games, movies, etc." Id. Software, 
games and movies fit within even the narrowest construction of the term "entertainment 
information." Moreover, the PCT publication discloses that any type of electronic information 
may be distributed in VDE containers: 

Figure 20 shows an example of a VDE content object structure 880. Generally, 
content objects 880 include or provide information content. This 'content' may 
be any sort of electronic information. For example, content may include 
computer software, movies, books, music, . . . multimedia information, 
virtual reality information ... 

PCT at 407-408. Various examples of information recited in this passage could be included in the 
category of "entertainment information." Categories such as movies, books and music most 
certainly fit any definition of entertainment information. Therefore, the PCT publication 
anticipates claim 104, as it discloses all the elements of claim 91, as well as end user receipt of 
"entertainment information." 



10 Merriam-Webster's Collegiate Dictionary, Tenth Edition (1999) attached as Exhibit E to the Declaration 
of Sam O'Rourke. 

2. Dependent Claim 114 



Claim 
Language 



114. The method of claim 91 wherein said rules and controls specify at 
least one clearinghouse acceptable to rightsholders. 



Claim 114 calls for rules and controls, as detailed supra Section III(A)(7) with 
regard to element (c) of claim 91, specifying "at least one clearinghouse acceptable to 
rightsholders." The term "clearinghouse" has been construed by the Court to mean: 

A provider of financial and/or administrative services for a number of entities; 
or an entity responsible for collection, maintenance, and/or distribution of 
materials; information, license, etc. 

Markman Order at p. 21. The PCT publication discloses a number of different varieties of 
clearinghouses: 

... a VDE repository may perform audit information clearinghouse services on 
behalf of VDE creators or other participants (e.g. distributors, redistributors, 
client administrators, etc.) for usage information reported by VDE users. Such 
services may include analyzing such usage information, creating reports, 
collecting payments, etc. 

PCT at 817. It also provides for clearinghouses that are acceptable to rightsholders: 

A "full service" VDE repository may be very attractive to both providers and 
users of VDE managed content. Providers of VDE managed content may 
desire to place their content in a location that is well known to users, offers 
credit, and/or performs audit services for them. 

Id. Accordingly, the PCT publication anticipates claim 114 of the '181 patent, as it discloses all 
elements of the claim. 

3. Dependent Claim 117 



Claim 
Language 



117. The method of claim 114 wherein said at least one acceptable 
clearinghouse is a rights and permissions clearinghouse. 



As set forth in Section III(B)(2) supra, the PCT publication discloses a number of 
different varieties of clearinghouse. Among them are clearinghouses which provide rights and 
permissions services: 

The clearinghouse system 3302B is comprised of a user/author registration 
system 3338, template libraries 3340; a control structure library 3342; a 
disbursement system 3344; an authorization system 3346 comprised of a 
financial system 3348 and a content system 3350 ... 

PCT at 821-22. Features such as "a control structure library," "a disbursement system," "an 
authorization system" and "a content system" are all components of a clearinghouse that 
distributes, authorizes and governs the use of content. This describes the functionality of a rights 
and permissions clearinghouse. Accordingly, because the PCT publication discloses all elements 
of claims 91 and 114 (upon which claim 117 depends), as well as the additional element of claim 
117, the PCT publication anticipates claim 117 of the '181 patent. 

4. Dependent Claim 131 



Claim 
Language 



131. The method of claim 91 wherein said receiving appliance is a personal 
computer. 



In addition to all the elements of claim 91, claim 131 requires that the receiving 
appliance, discussed supra Section III(A)(2), be a personal computer. One ordinary meaning of a 
"personal computer" is: 

Synonymous with "microcomputer," "desktop computer," and "laptop 
computer," it is a computer that serves one user in the office or home. 

Computer Desktop Encyclopedia at 751. The PCT publication specifically discloses a system 
where the receiving appliance is a computer: 

Electronic appliance 600 may be practically any kind of electrical or electronic 
device, such as: 

o a computer 

PCT at 180. Moreover, the PCT publication specifically discloses that the electronic appliance 
may be a "personal" computer, stating "if appliance 600 is a personal computer . . ." 
PCT at 181. Thus, in addition to reading on all elements of claim 91 of the '181 patent, the PCT 
publication discloses a system where the receiving appliance is a personal computer, thereby 
anticipating claim 131. 

C. The PCT Publication Anticipates Claim 48 Of The '181 Patent 

Claim 48 of the '181 patent is very similar to claim 91. 11 The substantive 
difference between these claims is that claim 91 requires a "secure container," whereas claim 48 
omits this requirement. The effect of this omission is to render claim 48 broader than claim 91. 
This omission also renders claim 48 more easily anticipated, because the anticipating reference 
need not disclose the use of a "secure container." 

Practically, therefore, because claim 91 is anticipated by the PCT publication, 
claim 48 is as well. Rather than repeat the anticipation analysis set forth in Section III(A) supra 
for claim 48, the following is a chart setting forth the anticipation analysis that is applicable to 
each element of this claim: 



48. A method for narrowcasting selected digital information to specified recipients, 
including: [Section III(A)(1)] 



(a) at a receiving appliance, receiving selected digital information from a sending appliance 
remote from the receiving appliance, the receiving appliance having a secure node and being 
associated with a specified recipient; [Section III(A)(2)] 



(i) the digital information having been selected at least in part based on the digital 
information's membership in a first class, [Section III(A)(3)] wherein the first class 
membership was determined at least in part using rights management information; and 
[Section III(A)(4)] 



(ii) the specified recipient having been selected at least in part based on membership in a 
second class, [Section III(A)(5)] wherein the second class membership was determined at 
least in part on the basis of information derived from the specified recipient's creation, use of, 
or interaction with rights management information; and [Section III(A)(6)] 



(b) the specified recipient using the receiving appliance to access the received selected digital 
information in accordance with rules and controls, [Section III(A)(9)] associated with the 
selected digital information, [Section III(A)(8)] the rules and controls being enforced by the 
receiving appliance secure node. [Section III(A)(10)] 



11 Non-substantively, claim 48 simply combines several of the elements recited in claim 91 into 
single elements. 

D. The PCT Publication Anticipates All Asserted Claims Dependent Upon Claim 48 Of The '181 Patent 

Claims 59, 61, 63, 70, 72 and 89 are dependent upon claim 48. Claim 62 is 
dependent upon claim 61 and claim 75 is dependent upon claim 72. Thus both are also ultimately 
dependent upon claim 48. As detailed in the chart supra Section III(C), all the elements of claim 
48 are present and disclosed in the PCT publication. The PCT publication, as demonstrated in the 
following sections, also anticipates all claims that depend upon claim 48. 
1. Dependent Claim 59 



Claim 
Language 



59. The method of claim 48 wherein said received selected digital 
information is at least in part event information. 



Claim 59 requires that selected digital information be at least in part "event 
information." The ordinary meaning of the term "event" is "something that happens: 
occurrence." Merriam-Webster's Collegiate Dictionary, Tenth Edition (1999). Thus, "event 
information" is simply information about something that happens. Although the '181 patent fails 
to define the term "event information," the plain meaning of the term is consistent with its use in 
the '181 specification: 

Various ticket agencies 4506(1)-4506(n) may send information about specific 
events 4512(1)-4512(n) and/or information about agency services 4514(1)-
4514(n) to the matching and classification utility 900. In another example, an 
event promoter may send event information directly to the matching and 
classification utility 900. 

'181 Patent 80:52-57. 

The testing example of the PCT publication discloses a test site receiving, in a 
secure container, information regarding an SAT test. This SAT testing information includes 
information regarding the date and time of the test: 

A scheduled SAT examination for high school seniors is prepared by the 
Educational Testing Service. The examination is placed in a VDE container for 
scheduled release on November 15, 1994 at 1:00 PM Eastern Standard 
time. The SAT prepares one copy of the container for each school or other 
location which will conduct the examination. 

PCT at 913. The PCT publication also discloses other timing related variables: 

Electronic testing employing VDE 100 may also ensure that timing related 
variables of testing (for example precise starting, duration, and stopping 
times) can be reliably managed. 

PCT at 916. Thus, the received selected digital information (VDE container encapsulating the 
exam and rules and controls) is at least in part event information (information regarding the 
release date, timing and schedule of the SAT examination), thereby anticipating claim 59. 

2. Dependent Claim 61 



Claim 
Language 



61. The method of claim 48 wherein said received selected digital 
information is at least in part entertainment information. 



Claim 61 is anticipated because the PCT publication discloses all elements of 
claim 48 (as demonstrated in Section III(C)), as well as the additional element recited in this 
claim (as demonstrated in Section III(B)(1)). 

3. Dependent Claim 62 



Claim 
Language 



62. The method of claim 61 wherein said entertainment information is at 
least in part music information. 



As demonstrated in Section III(D)(2), the PCT publication anticipates claim 61. 
Claim 62 depends upon claim 61 and recites the additional element that the "entertainment 
information" of claim 61 is at least in part "music information." The PCT publication specifically 
discloses that the digital information received by the receiving appliance can include "music" 
information: 

Figure 20 shows an example of a VDE content object structure 880. Generally, 
content objects 880 include or provide information content. This "content" may 
be any sort of electronic information. For example, content may include . . . 
music ... 

PCT at 407-08. Accordingly, claim 62 is anticipated by the PCT publication. 
4. Dependent Claim 63 



Claim 
Language 



63. The method of claim 48 wherein said received selected digital 
information is at least in part executable software. 



Claim 63, which depends on claim 48, recites the additional element requiring the 
selected digital information to be at least in part "executable software." The Court has construed 
the term "executable programming" to mean "A computer program that can run, directly or 
through interpretation." See Order at p. 22 (Docket No. 338). The PCT publication discloses the 
transmission and reception of digital information that may include "executable software," stating: 

Figure 20 shows an example of a VDE content object structure 880. Generally, 
content objects 880 include or provide information content. This "content" may 
be any sort of electronic information. For example, content may include 
computer software ... 

PCT at 407-408. Thus, the PCT publication anticipates claim 63 of the '181 patent. 

5. Dependent Claim 70 



Claim 
Language 



70. The method of claim 48 wherein said rules and controls at least in part 
govern usage audit record creation. 



Claim 63, which depends on claim 48, recites the additional element wherein the 
rules and controls "at least in part govern usage audit record creation." The PCT publication 
discloses rules and controls that at least in part govern usage audit record creation in its SAT 
testing scenario: 

. . . proper use of VDE 100 for the testing process can prevent improper access 
to test contents prior to testing and ensure that test taking is properly audited 
and authenticated, that is which person took which test, at which time, on 
which electronic appliance, at which location. 

PCT at 916. Thus, the PCT publication anticipates claim 70 of the '181 patent. 

6. Dependent Claim 72 



Claim 
Language 



72. The method of claim 48 wherein said rules and controls in part 
specifying at least one clearinghouse acceptable to rightsholders. 



Claim 72 is anticipated because the PCT publication discloses all elements of 
claim 48 (as demonstrated in Section III(C)), as well as the additional element recited in this 
claim (as demonstrated in Section III(B)(2)). 

7. Dependent Claim 75 



Claim 
Language 



75. The method of claim 72 wherein said at least one acceptable 
clearinghouse is a rights and permissions clearinghouse. 



Claim 75 is anticipated because the PCT publication discloses all elements of 
claim 72 (as explained directly above in Section III(D)(6)), all elements of claim 48 (as 
demonstrated in Section III(C)), as well as the additional element recited in this claim (as 
demonstrated in Section III(B)(3)). 






MICROSOFT'S MOTION FOR PARTIAL SUMMARY 
JUDGMENT OF INVALIDITY OF THE '181 PATENT 

CASE NO. C 01-1640 SBA (MEJ) 






8. Dependent Claim 89 



Claim 
Language 



89. The method of claim 48 wherein said receiving appliance is a personal 
computer. 




Claim 89 is anticipated because the PCT publication discloses all elements of 
claim 48 (as demonstrated in Section III(C)), as well as the additional element recited in this 
claim (as demonstrated in Section III(B)(4)). 

IV. CONCLUSION 

For the foregoing reasons, Microsoft respectfully requests that the Court declare 
U.S. Patent No. 6,112,181 invalid as anticipated under 35 U.S.C. § 102(b) by the PCT publication 
published under International Publication Number WO 96/27155. 
Dated: February 23, 2004 

By: 

WILLIAM L. ANTHONY 
ERIC L. WESENBERG 
HEIDI L. KEEFE 
KENNETH J. HALPERN 
SAM O'ROURKE 

ORRICK, HERRINGTON & SUTCLIFFE, LLP 
1000 Marsh Road 
Menlo Park, CA 94025 
Telephone: (650) 614-7400 

STEVEN ALEXANDER 
KRISTIN L. CLEVELAND 
JAMES E. GERINGER 
JOHN D. VANDENBERG 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 
121 S.W. Salmon Street 
Portland, OR 97204 
Telephone: (503) 226-7391 

Attorneys for Defendant and Counterclaimant 
MICROSOFT CORPORATION 

Of Counsel: 

T. Andrew Culbert, Esq. 
One Microsoft Way 
Building 8 

Redmond, WA 98052-6399 
Phone: 425-882-8080 



WILLIAM L. ANTHONY (State Bar No. 106908) 
ERIC L. WESENBERG (State Bar No. 139696) 
HEIDI L. KEEFE (State Bar No. 178960) 
SAM O'ROURKE (State Bar No. 205233) 
ORRICK, HERRINGTON & SUTCLIFFE, LLP 
1000 Marsh Road 
Menlo Park, CA 94025 
Telephone: (650) 614-7400 
Facsimile: (650) 614-7401 

RECEIVED MAY - 5 2004 
RICHARD W. WIEKING 

STEVEN ALEXANDER (admitted Pro Hac Vice) 
KRISTIN L. CLEVELAND (admitted Pro Hac Vice) 
JAMES E. GERINGER (admitted Pro Hac Vice) 
JOHN D. VANDENBERG 
KLARQUIST SPARKMAN, LLP 
One World Trade Center, Suite 1600 
121 S.W. Salmon Street 
Portland, OR 97204 
Telephone: (503) 226-7391 
Facsimile: (503) 228-9446 

Attorneys for Defendant and Counterclaimant, 
MICROSOFT CORPORATION 

UNITED STATES DISTRICT COURT 
NORTHERN DISTRICT OF CALIFORNIA 
OAKLAND DIVISION 



INTERTRUST TECHNOLOGIES 
CORPORATION, a Delaware corporation, 

Plaintiff, 



v. 



MICROSOFT CORPORATION, a 
Washington corporation, 

Defendant. 



AND RELATED CROSS-ACTION. 



Case No. C 01-1640 SBA (MEJ) 
Consolidated with C 02-0647 SBA (MEJ) 

JOINT STIPULATION OF 
DISMISSAL WITH PREJUDICE 

WHEREAS the Parties have resolved their dispute; 

IT IS HEREBY STIPULATED AND AGREED by and between Plaintiff 
InterTrust Technologies Corporation and Defendant and Counterclaimant Microsoft Corporation 
by and through their respective undersigned counsel, and pursuant to Federal Rules of Civil 
Procedure 41(a)(1)(ii) and 41(c), that the above-captioned matter be dismissed in its entirety with 
prejudice, with each side bearing its own costs and attorney's fees. 



Dated: 

ERIC L. WESENBERG 
ORRICK, HERRINGTON & SUTCLIFFE, LLP 

Eric L. Wesenberg 
Attorneys for Defendant and Counterclaimant 
MICROSOFT CORPORATION 

Dated: 

MICHAEL H. PAGE 
KEKER & VAN NEST, LLP 

Michael H. Page 
Attorneys for Plaintiff and Counterdefendant 
INTERTRUST TECHNOLOGIES CORP. 

PURSUANT TO STIPULATION, IT IS SO ORDERED 

Dated: 

Hon. Saundra Brown Armstrong 
United States District Judge 

DECLARATION OF SERVICE VIA ELECTRONIC MAIL AND U.S. MAIL 

I am more than eighteen years old and not a party to this action. My place of 
employment and business address is 1000 Marsh Road, Menlo Park, California 94025. 

On May 10, 2004, I served: 

JOINT STIPULATION OF DISMISSAL WITH PREJUDICE 

By transmitting a copy of the above-listed document(s) in PDF form via electronic mail to Michael 
H. Page at mhp@kvn.com, Doug Derwin at doug.derwin@derwin.com, 
dderwin@intertrust.com; James E. Geringer at james.geringer@klarquist.com and Michael 
Lyons at mlyons@morganlewis.com and also by placing true and correct copies of the above 
documents in an envelope addressed to: 



John W. Keker, Esq. 
Michael H. Page, Esq. 
Keker & Van Nest, LLP 
710 Sansome Street 
San Francisco, CA 94111 
Tel. No. 415-391-5400 
Fax No. 415-397-7188 
Email: jwk@kvn.com 
Email: mhp@kvn.com 
Attorneys for Plaintiff, INTERTRUST 
TECHNOLOGIES CORPORATION 

Michael Lyons, Esq. 
Morgan Lewis & Bockius LLP 
3300 Hillview Avenue 
Palo Alto, CA 94304 
Tel. No. 650-493-4935 
Fax No. 650-493-5556 
Email: mlyons@morganlewis.com 
Attorneys for Plaintiff InterTrust 
TECHNOLOGIES CORPORATION 

Doug Derwin, Esq. 
Derwin & Siegel 
3820 Alpine Road 
Portola Valley, CA 94028 
Tel. No: 650-529-8700 
Fax No: 650-529-8799 
E-mail: doug.derwin@derwin.com 
E-mail: dderwin@intertrust.com 
Attorneys for Plaintiff, INTERTRUST 
TECHNOLOGIES CORPORATION 

John D. Vandenberg, Esq. 
Michael Lyons, Esq. 
Morgan Lewis & Bockius LLP 
3300 Hillview Avenue 
Palo Alto, CA 94304 
Tel. No: 503-226-7391 
Fax No: 503-228-9446 
Email: john.vandenberg@klarquist.com 
Email: james.geringer@klarquist.com 
Attorneys for Defendant and Counterclaimant, 
MICROSOFT CORPORATION 



and sealing the envelope, affixing adequate first-class postage and depositing it in the U.S. mail 
at Menlo Park, California. 

Executed on May 10, 2004 at Menlo Park, California. 

I declare under penalty of perjury that the foregoing is true and correct. 



ANNA FREDDIE 

Press Release 

Microsoft and InterTrust Settle Outstanding 
Litigation and License Intellectual Property 

Redmond, WA, and Santa Clara, CA, April 12, 2004 - Microsoft 
Corporation and InterTrust Technologies Corporation announced today 
that Microsoft has taken a comprehensive license to InterTrust's 
patent portfolio for a one-time payment of $440 million. 

The agreement resolves all outstanding litigation between the two 
companies. In addition, InterTrust receives rights under Microsoft 
patents to design and publish InterTrust reference technology 
specifications related to DRM (Digital Rights Management) and 
security. Microsoft and InterTrust believe this agreement will 
accelerate adoption and development of DRM technologies. 

"Licensing InterTrust's patent portfolio reaffirms Microsoft's 
commitment to the importance of intellectual property rights as well 
as our commitment to our end-user customers to stand behind our 
products in these emerging technology areas," said Marshall Phelps, 
deputy general counsel and corporate vice president of intellectual 
property at Microsoft. "One of our goals with this and our broader IP 
licensing program is to provide peace of mind for our customers and 
partners by letting them know that patent licensing is our 
responsibility. Doing an effective job at managing the IP in our 
software differentiates our products and builds confidence that 
Microsoft has the rights necessary to build innovative solutions." 

"Today's announcement validates InterTrust's intellectual property 
portfolio as seminal to advancing DRM and trusted computing in the 
marketplace," said Talal Shamoon, chief executive officer of 
InterTrust. "InterTrust will continue to help drive the adoption of 
these important technologies through our inventions, licensing 
programs and reference technologies, and we expect to develop a 
thriving licensing business going forward." 

The settlement agreement ensures that Microsoft's end user 
customers can use Microsoft products and services as they are 
intended to be used without requiring a license from InterTrust. In 
addition, software developers who build products using Microsoft 
platform technology will not require an InterTrust license for normal 
and expected uses of the Microsoft technology. 

However, developers, including system integrators, may need a 
license from InterTrust for other uses of Microsoft technology, 
including cases in which Microsoft technology is combined with third 
party technology. Information about licensing terms, questions about 
whether a license is needed, and documents needed to license 
InterTrust technology can be found in licensing. Third-party software 
developers can also obtain information from Microsoft at 
www.microsoft.com/presspass. 

"DRM solutions are essential to secure valuable personal, business, 
and commercial content in a massively connected world," said Will 
Poole, senior vice president of the Windows client business at 
Microsoft. "With our existing technology and IP portfolio combined 
with our new agreement with InterTrust, Microsoft is committed to 
working with the broader industry to accelerate the promotion of DRM 
standards and solutions. Microsoft and our partners are delivering the 
most powerful and flexible rights management solutions in the 
industry, while assuring customers that we have the IP necessary to 
secure our products." 



About InterTrust Technologies Corporation 

InterTrust is an independent, privately held company located in Silicon 
Valley. The Company was founded in 1990 and was publicly traded 
from 1999 to early 2003 when it merged with a joint venture owned 
by Sony, Philips, and Stephens Bank. The Company holds 30 U.S. 
patents and has over 100 patent applications pending worldwide. 
InterTrust's patent portfolio covers software and hardware techniques 
that can be implemented in a broad range of products that use DRM 
and trusted computing technologies, including computer operating 
systems, digital media platforms, web services, and enterprise 
infrastructure. InterTrust has research, engineering, and IP groups 
focused on developing and monetizing next-generation technologies 
and inventions. 

About Microsoft Inc. 

Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader 
in software, services, and solutions that help people and businesses 
realize their full potential. 

# # # 

Media Contacts 

For more information, press only: 

Robin Buckley, Buckley Kaldenbach for InterTrust, (703) 533-9805, 
robin@buckleykaldenbach.com 

Isabel Kaldenbach, Buckley Kaldenbach for InterTrust, (703) 979-3076, 
isabel@buckleykaldenbach.com 

Leigh Anne Varney, Varney Business Communications for InterTrust, 
(415) 387-7250, la@varneybusiness.com 

Mark L. Martin, Waggener Edstrom for Microsoft, (425) 638-7000, 
markm@wagged.com 

Microsoft Rapid Response Team, Waggener Edstrom, (503) 443-7070, 
rrt@wagged.com 

Note to editors: Additional information on InterTrust and Microsoft can 
be found at the following websites. For InterTrust, please visit other 
pages of this website. For Microsoft, please visit the Microsoft web 
page at http://www.microsoft.com/presspass/ on Microsoft's 
corporate information pages. Web links, telephone numbers, and titles 
were correct at time of publication, but may since have changed. For 
additional assistance, journalists and analysts may contact Microsoft's 
and/or InterTrust's Rapid Response Teams respectively or other 
appropriate contacts listed at 

http://www.microsoft.com/presspass/contactpr.asp. 